New release 2.5.1

19 views
Skip to first unread message

Jyri-Petteri Paloposki

unread,
Sep 24, 2020, 6:28:04 AM9/24/20
to Tracks mailing list
Hi,

we have a new, shiny release: 2.5.1! This new version brings some bug
fixes and of course dependency upgrades.

Joe Thorpe from Secarma disclosed an XSS issue that was inadvertently
fixed in 2.5.0 by another bug fix. Tracks previously rendered XSS
content in the user’s own data. The content is only shown to the user
themself, which mitigates the vulnerability in the normal use case where
a single user account is only used by one person. The CVSS rating for
self-XSS is debatable and thus is not published for this issue.



I want to thank Joe for reporting the issue and for the insightful
discussion regarding the issue. Thanks to the disclosure there is now
also a written security policy for the project.

More details on the release can be found at
https://www.getontracks.org/news/comments/release-2.5.1/

Best regards,
--
Jyri-Petteri ”ZeiP” Paloposki
Tracks principal maintainer

Igor Dobryninsky

unread,
Jan 28, 2021, 6:47:36 AM1/28/21
to TracksApp
Hi,

Tracks 2.5.1 displays the following message at startup:

>--- Cut ---
fatal: not a git repository (or any parent up to mount point /)
Stopping at filesystem boundary (GIT_DISCOVERY_ACROSS_FILESYSTEM not set).
>--- Cut ---

Please tell me how to fix it?
четверг, 24 сентября 2020 г. в 13:28:04 UTC+3, jyri-petter...@iki.fi:
Reply all
Reply to author
Forward
0 new messages