Skip to content

Commit

Permalink
Prepare 3.3.3 release
Browse files Browse the repository at this point in the history
  • Loading branch information
@mnaberez
mnaberez committed Jul 24, 2017
1 parent 058f461 commit 34b690a
Show file tree
Hide file tree
Showing 2 changed files with 40 additions and 3 deletions.
41 changes: 39 additions & 2 deletions CHANGES.txt
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,12 @@
3.3.3.dev0 (Next 3.x Release)
-----------------------------
3.3.3 (2017-07-24)
------------------

- Fixed CVE-2017-11610. A vulnerability was found where an authenticated
client can send a malicious XML-RPC request to ``supervisord`` that will
run arbitrary shell commands on the server. The commands will be run as
the same user as ``supervisord``. Depending on how ``supervisord`` has been
configured, this may be root. See
https://github.com/Supervisor/supervisor/issues/964 for details.

3.3.2 (2017-06-03)
------------------
Expand Down Expand Up @@ -62,6 +69,16 @@
- Files included via the ``[include]`` section are now logged at the ``INFO``
level instead of ``WARN``. Patch by Daniel Hahler.

3.2.4 (2017-07-24)
------------------

- Backported from Supervisor 3.3.3: Fixed CVE-2017-11610. A vulnerability
was found where an authenticated client can send a malicious XML-RPC request
to ``supervisord`` that will run arbitrary shell commands on the server.
The commands will be run as the same user as ``supervisord``. Depending on
how ``supervisord`` has been configured, this may be root. See
https://github.com/Supervisor/supervisor/issues/964 for details.

3.2.3 (2016-03-19)
------------------

Expand Down Expand Up @@ -149,6 +166,16 @@
disconnect if many other ``supervisorctl`` commands were run in parallel.
Patch by Stefan Friesel.

3.1.4 (2017-07-24)
------------------

- Backported from Supervisor 3.3.3: Fixed CVE-2017-11610. A vulnerability
was found where an authenticated client can send a malicious XML-RPC request
to ``supervisord`` that will run arbitrary shell commands on the server.
The commands will be run as the same user as ``supervisord``. Depending on
how ``supervisord`` has been configured, this may be root. See
https://github.com/Supervisor/supervisor/issues/964 for details.

3.1.3 (2014-10-28)
------------------

Expand Down Expand Up @@ -245,6 +272,16 @@
- A warning is now logged if a glob pattern in an ``[include]`` section does
not match any files. Patch by Daniel Hahler.

3.0.1 (2017-07-24)
------------------

- Backported from Supervisor 3.3.3: Fixed CVE-2017-11610. A vulnerability
was found where an authenticated client can send a malicious XML-RPC request
to ``supervisord`` that will run arbitrary shell commands on the server.
The commands will be run as the same user as ``supervisord``. Depending on
how ``supervisord`` has been configured, this may be root. See
https://github.com/Supervisor/supervisor/issues/964 for details.

3.0 (2013-07-30)
----------------

Expand Down
2 changes: 1 addition & 1 deletion supervisor/version.txt
View file
Original file line number Diff line number Diff line change
@@ -1 +1 @@
3.3.3.dev0
3.3.3

0 comments on commit 34b690a

Please sign in to comment.