AIL Framework version 2.9 released with a critical security fix (CVE-2020-8545) and minor bugs fixed

@adulau released this 03 Feb 15:34 · 8770bf0

This release of AIL includes a major security fix for CVE-2020-8545. The vulnerability was in the handler of the global feed and could allow malicious feed providers to overwrite and, potentially, execute Python code in the environment. This release also includes various bug fixes. We urge users to upgrade as soon as possible.

Changes

  • [domain explorer] domains explorer v2, filter domains by daterange.
    [Terrtia]

Fix

  • [IPAddress] catch empty config error. [Terrtia]
  • [Global: already saved filename] save updated + filter duplicated
    items. [Terrtia]
  • [Global: filename provided by all feeders] avoid path traversal.
    [Terrtia]
  • [Domain explorer UI] fix daterange pagination links. [Terrtia]
  • [Tag core] check if item_date type is an integer. [Terrtia]
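
The class of check behind the "avoid path traversal" fix, shown as an added example that is not AIL's own code: a feeder-supplied filename is resolved against the item directory and rejected if it lands outside it. The directory, the function names and the sample filenames are assumptions made for illustration.

```python
import os

# Hypothetical storage root for items received from feeders (an assumption,
# not AIL's real configuration).
ITEMS_DIR = "/opt/ail-example/PASTES"

# Constructed sample filenames, as a feeder might supply them.
SAMPLES = [
    "feeder/2020/02/03/item.gz",
    "../../bin/some_module.py",
    "/opt/ail-example/bin/some_module.py",
    "feeder/../../bin/some_module.py",
]


def naive_item_path(base_dir, feeder_filename):
    """Unsafe pattern: trust the feeder's filename as-is."""
    # os.path.join discards base_dir when feeder_filename is absolute, and
    # "../" segments survive, so the result can point outside base_dir.
    return os.path.normpath(os.path.join(base_dir, feeder_filename))


def safe_item_path(base_dir, feeder_filename):
    """Resolve a feeder-supplied name; refuse anything outside base_dir."""
    if not feeder_filename or "\x00" in feeder_filename:
        raise ValueError("empty or malformed filename")
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(base, feeder_filename))
    # The resolved path must be strictly below the item directory.
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise ValueError("filename escapes the item directory")
    return candidate


def classify(base_dir, filenames):
    """Return {filename: 'accepted' | 'rejected'} using safe_item_path."""
    verdicts = {}
    for name in filenames:
        try:
            safe_item_path(base_dir, name)
            verdicts[name] = "accepted"
        except ValueError:
            verdicts[name] = "rejected"
    return verdicts


if __name__ == "__main__":
    for name, verdict in classify(ITEMS_DIR, SAMPLES).items():
        print(f"{verdict:9} {name!r} naive -> {naive_item_path(ITEMS_DIR, name)}")
```

Comparing resolved paths with `os.path.commonpath` instead of a string prefix test also rejects sibling directories whose names merely start with the base directory's name.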