Security release 2.7.1

Jyri-Petteri Paloposki

Jul 25, 2024, 6:02:15 PM
to Tracks mailing list
Hi,

there's a new, shiny release: 2.7.1! It is primarily a security release.

This release fixes a few reflected XSS vulnerabilities (CVE-2024-41805)
which enabled execution of malicious JavaScript in the context of a
user’s browser if that user clicks on a malicious link, possibly
allowing retrieval or modification of the current user’s data. The issue
is of moderate severity (score 6.1/10) with the CVSS rating
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.

The release changes the way the Dockerfile works, and because of that
requires slight changes to Docker build commands. See the documentation
for details.

It also brings a few bug fixes, dependency upgrades and locale updates.
It will also be the last release to support Ruby 3.0.

More details on the release can be found at
https://www.getontracks.org/news/comments/2.7.1/

Are you already following Tracks on Mastodon? mastodon.cloud/@TracksApp

Best regards,
--
Jyri-Petteri ”ZeiP” Paloposki
Tracks principal maintainer