Low Security Notice OpenWISP-Controller 0.7.x

Federico Capoano

unread,

Apr 9, 2021, 1:15:02 PM4/9/21

to open...@googlegroups.com

We found some low security issues with OpenWISP Controller 0.7.x which allow members of organizations to find out UUIDs and other bits of information of other organizations, which in turn may be used to try to obtain more information.

We are preparing a security release to address these issues. WIll keep you updated.

Best regards

Federico Capoano

Federico Capoano

unread,

Apr 9, 2021, 2:33:35 PM4/9/21

to open...@googlegroups.com

Clarification: the bug is affecting 0.7.x and 0.8.x.

We're preparing version 0.8.4 which patches the issues.

0.7.x will remain unpatched so I urge anybody using that version to plan an upgrade.

Best regards

Federico Capoano

OpenWISP OÜ

Harjumaa, Tallinn, Sepapaja tn 6, 15551

VAT: EE101989729

openwisp.io

Gagan Deep

unread,

Apr 9, 2021, 5:01:43 PM4/9/21

to OpenWISP

Hey everyone,

We just published openwisp-controller 0.8.4 on PYPI which contains the security patch with some other small fixes. We took utmost care to not introduce any breaking changes. Ideally, you should be able to upgrade to this version from 0.8.3 without any issues. If you face any problem, do let us now. You can read the release notes for more details.

We urge everyone to upgrade to the this latest version.

Best,

Gagan Deep

Reply all

Reply to author

Forward