Skip to content

v10.2.1
Compare
Choose a tag to compare
@thomasmalbaux thomasmalbaux released this 19 Nov 10:00
· 456 commits to master since this release
v10.2.1
6271b7a
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Security

  • [Critical] Fix OS command injection vulnerability in installations of
    Sharetribe Go that do not set explicitly the sns_notification_token
    configuration variable (which is unset by default). Discoverer/Credits: Wang Sheng of State Grid Sichuan Electric Power Research Institute. #5b844f

Upgrade from 10.2.0 to 10.2.1

The new version contains a critical security fix that you should review. Otherwise, see the General update instructions.

Assets 2