release-2.13.0

@farhatahmad farhatahmad released this 18 Aug 18:44
· 1500 commits to master since this release
3622a25

This 2.13.0 release fixes multiple security issues (see below). All issues fixed in this release are subject to public disclosure on September 1, 2022. Please make sure to update your systems in time.

We would like to thank khanhchauminh for responsibly disclosing and assisting with fixing this security issue.

What's Changed

  • CVE-2022-36028 - Severity: Moderate - The value of the return_to cookie is now checked to ensure it is a Greenlight URL (#3631)
  • CVE-2022-36029 - Severity: High - Sessions are now expired if the password is changed (either through forgot password or profile) (#3096)
  • Removed jQuery UI, which was at a version with known vulnerabilities (#3783)
  • Multiple gem updates (#3615, #3653, #3686, #3688)
  • Language updates
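The two CVE fixes above, illustrated as an added example in Ruby (not Greenlight's own code or the actual patches in #3631 and #3096). It assumes a placeholder base URL `GREENLIGHT_URL` and a hypothetical per-user `session_token`; the first function rejects any return_to value that does not point at this deployment, the second shows how rotating a token on password change expires every existing session.

```ruby
require 'uri'
require 'securerandom'

# Constructed example, not Greenlight's own code. GREENLIGHT_URL is an
# assumed placeholder for the deployment's base URL.
GREENLIGHT_URL = 'https://greenlight.example.com'

# Check of the kind described for CVE-2022-36028: a return_to value may only
# be a relative path or an absolute URL with this deployment's scheme/host/port.
def safe_return_to?(value, base: GREENLIGHT_URL)
  return false if value.nil? || value.strip.empty?
  return false if value.include?('\\')   # browsers turn "/\evil.com" into "//evil.com"
  uri = URI.parse(value)
  return false if uri.userinfo          # "https://good-host@evil.com/"
  # Relative reference: "//evil.com" is not one, because it carries a host.
  return uri.path.start_with?('/') if uri.scheme.nil? && uri.host.nil?
  expected = URI.parse(base)
  return false unless uri.scheme&.casecmp?(expected.scheme)
  (uri.host || '').casecmp?(expected.host) && uri.port == expected.port
rescue URI::InvalidURIError
  false
end

# Fix of the kind described for CVE-2022-36029: every session carries the
# user's current session_token; a password change rotates the token, so all
# sessions issued before the change stop validating.
class User
  attr_reader :session_token

  def initialize
    @session_token = SecureRandom.hex(16)
  end

  def change_password!(_new_password)
    @session_token = SecureRandom.hex(16) # store the new password, then rotate
  end
end

def open_session(user)
  { user_id: 1, session_token: user.session_token }
end

def session_valid?(session, user)
  given = session[:session_token].to_s
  return false unless given.bytesize == user.session_token.bytesize
  # Constant-time comparison, so mismatches reveal nothing about the token.
  given.bytes.zip(user.session_token.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end
```

In a Rails app the token would live on the users table and be compared on every request, with any mismatch treated as a logged-out session.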