Skip to content

2.26.1 / 2021-05-18
Compare
Choose a tag to compare
@prombot prombot released this 18 May 14:45
v2.26.1
This tag was signed with the committer’s verified signature.
csmarchbanks Chris Marchbanks
GPG key ID: B7FD940BC86A8E7A
Learn about vigilant mode.
6eeded0
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

This release contains a bug fix for a security issue in the API endpoint. An
attacker can craft a special URL that redirects a user to any endpoint via an
HTTP 302 response. See the security advisory for more details.

This vulnerability has been reported by Aaron Devaney from MDSec.

  • [BUGFIX] SECURITY: Fix arbitrary redirects under the /new endpoint (CVE-2021-29622)
Assets 38
Loading