9.5.10

@trasher released this 03 Nov 12:52
· 33 commits to 9.5/bugfixes since this release

This is a security release; upgrading is recommended.

Download it

This release fixes several security issues that have been recently discovered. Updating is recommended!

Below is the list of security issues fixed in this bugfix version:

  • [SECURITY - Low] Blind SSRF in RSS feeds and planning (CVE-2022-39276)
  • [SECURITY - Low] Stored XSS in user information (CVE-2022-39372)
  • [SECURITY - Low] Improper input validation on emails links (CVE-2022-39376)
  • [SECURITY - Moderate] Improper access to debug panel (CVE-2022-39370)
  • [SECURITY - Moderate] User's session persist after permanently deleting his account (CVE-2022-39234)
  • [SECURITY - Moderate] Stored XSS on login page (CVE-2022-39262)
  • [SECURITY - Moderate] XSS in external links (CVE-2022-39277)
  • [SECURITY - Moderate] XSS through public RSS feed (CVE-2022-39375)
  • [SECURITY - High] SQL Injection on REST API (CVE-2022-39323)

Regards.