v1.48.1: Security Update
pglombardo
released this
06 Nov 21:37
·
156 commits
to refs/heads/master
since this release
This release fixes CVE-2024-51989 (a potential XSS vulnerability) that was introduced in v1.41.1.
All users that are self-hosting and using the login system, please update to this version to best mitigate risk. Details, description and more available in the Github Security Advisory.
Thanks to @igniter07 for reporting!
📝 What’s Changed
- Sanitize Confirmation Parameter (#2736) @pglombardo
- Allow Anonymous=false: Fix after sign up redirect path (#2735) @pglombardo
⬆️ Dependencies updates
- ⬆️ Bump parser from 3.3.5.1 to 3.3.6.0 (#2734) @dependabot
- ⬆️ Bump json from 2.7.5 to 2.7.6 (#2733) @dependabot
👥 List of contributors
@dependabot, @dependabot[bot] and @pglombardo
🛥️ Docker Images
Available on Docker Hub:
https://hub.docker.com/r/pglombardo/pwpush
🏃♂️ Run This Version
docker run -d -p 5100:5100 pglombardo/pwpush:1.48.1
..and go to http://localhost:5100