Skip to content

0.20.7
Compare
Choose a tag to compare
@vnmedeiros vnmedeiros released this 26 Feb 17:27
· 232 commits to develop since this release
0.20.7
b61b4e5

HotFix: Vulnerable to Sensitive Data Exposure
fix:
-> The links for background process logs should be changed to be dynamically generated, for example [www.domain/logs/?id=12354](http://localhost/wp-json/tainacan/v2/bg-processes/file?guid=bg-exporter-7.log. This allows us to validate if the user is logged in to access the files.

-> Rules should be automatically added to the .htaccess file to block any requests made to wp-content/uploads/tainacan. This can be done using the WordPress function: insert_with_markers(). See: https://developer.wordpress.org/reference/functions/insert_with_markers/

changes:
9c039f5

Full Changelog: 0.20.6...0.20.7

Assets 3