Release 10.1.0

[kelson42]

Following remark from @legoktm at #721 (comment)

---

Thanks, so a597870 was only included in 10.0.0 (no released Debian versions are affected, just unstable).

Could we do a 10.0.2 release with just this cherry-picked? I note that even library.kiwix.org is vulnerable to this. Or if 10.1.0 is coming pretty soon then waiting wouldn't be too bad.

And we should also get a CVE ID assigned for this vulnerability, @kelson42 if you haven't gone through this process before I'm happy to help out.

---

I also believe we should not wait to much to make the release of 10.1.0.

• Secure the CI is green on git master
• Kiwix-Build is OK
• Update the Changelog
• Update version
• Close current milestone and create new one incrementaly (a priori a minor version)
• Create a tag on git
• Secure new source/sbinaries are published on http://download.kiwix.org
• Update the Github release with the Changelog
• Create new empty entry in Changelog (placeholder for future entries)
• Publicize these new versions

[kelson42]

@legoktm I never made a CVE report before indeed. If you can do one, thank you.

[legoktm]

Thank you for putting out the release, I just requested a CVE ID, and will comment here when it is assigned.

[carnil]

Looks CVE-2022-27920 got assigned to this issue.

[kelson42]

@carnil Thx for noticing, this shoudl be fixed in libkiwix 10.1.0 we have released a few days ago.