File tree Expand file tree Collapse file tree 2 files changed +17
-1
lines changed Expand file tree Collapse file tree 2 files changed +17
-1
lines changed Original file line number Diff line number Diff line change 11# Changelog
22
3+ ## [ 2.5.1]
4+
5+ ### Fixed
6+
7+ - [ SECURITY VULNERABILITY] Configuration leak, user/admin users could leak the value of any config entry
8+ from ` .env ` file by using variable placeholders. Setting values are now
9+ sanitised (GHSA-88f9 -7xxh-c688). Thanks to @thomas-chauchefoin-sonarsource
10+ - [ SECURITY VULNERABILITY] New line injection during configuration editing
11+ possible by a user/admin. Setting values are now sanitised
12+ (GHSA-9jxw -cfrh-jxq6). Thanks to @thomas-chauchefoin-sonarsource
13+ - [ SECURITY VULNERABILITY] Forced reinstall, user/admin users could trick Cachet
14+ to allow them to access the ` /setup ` endpoint and reinstall the whole
15+ instance. Fixed by preventing clearing the instance name. (GHSA-r67m -m8c7-jp83).
16+ Thanks to @thomas-chauchefoin-sonarsource
17+ - Resend edit subscription email to existing subscribers on request #52
18+
319## [ 2.5.0]
420
521This is not an exhaustive list of the all the changes made since 2.3 but
Original file line number Diff line number Diff line change 1- v2.5.1-dev
1+ v2.5.1
You can’t perform that action at this time.
0 commit comments