Skip to content

Stille Einfuegen
Compare
Choose a tag to compare
@cedricalfonsi cedricalfonsi released this 27 Apr 09:31
· 1056 commits to master since this release
v3.12.2
d654cdb

Song: https://soundcloud.com/acidpauli/stille-einfugen

This is a small security release of the API only. It addresses an information leak issue while creating a resource with encrypted description and misusing the API. A client could inadvertently insert an unencrypted version of the description along with its encrypted version in the database.

If you want to know more about the issue, checkout the incident report.

[3.12.2] - 2023-04-26

Security

  • PB-24315 As signed-in user creating resources with encrypted description the API should not store unencrypted descriptions even if provided by the client
  • PB-24316 Cleanup description of resources with resource type password and description
Assets 2