Skip to content

Security Release 2.0.10
Compare
Choose a tag to compare
@d00p d00p released this 28 Jan 19:29
· 514 commits to main since this release
2.0.10
This tag was signed with the committer’s verified signature.
d00p Michael Kaufmann
GPG key ID: F6B4A8704F9E9BBC
Verified
Learn about vigilant mode.
c5bece6
This commit was signed with the committer’s verified signature.
d00p Michael Kaufmann
GPG key ID: C121F97338D7A352
Verified
Learn about vigilant mode.
  • enforce password requirements set in settings for directory-protection
    [CWE-521: Weak Password Requirements]
  • add missing use statement for error-reporting to include the dbms version
    [CWE-391: Unchecked Error Condition]
  • validate existence of language in admin-templates
    [CWE-840: Business Logic Errors]
  • verify cronjob interval is one of the fixed available values
    [CWE-96: Static Code Injection]
  • fix possible privilege escalation from customer to root when specifying custom error documents in directory-options
    [CWE-94: Code Injection]

Full Changelog: 2.0.9...2.0.10

Assets 4
Loading