
2.27.1 / 2021-05-18

@prombot prombot released this 18 May 14:45
v2.27.1
db7f0bc

This release contains a bug fix for a security issue in the API endpoint. An
attacker can craft a special URL that redirects a user to any endpoint via an
HTTP 302 response. See the security advisory for more details.

This vulnerability has been reported by Aaron Devaney from MDSec.

  • [BUGFIX] SECURITY: Fix arbitrary redirects under the /new endpoint (CVE-2021-29622)