Important
This version contains critical security fixes. Updating to this version immediately is recommended.
Part-DB 2.12.1
Security fixes
- CRITICAL: Fixed an issue where users with editing rights could execute arbitrary PHP code in Docker installations by uploading phar files
- MEDIUM: Fixed an XSS issue caused by unsanitized log entry extra data. Due to the Content-Security-Policy this has limited impact, as no arbitrary JavaScript can be executed.
- MEDIUM: The APP_SECRET env variable must be changed to prevent forgery of REMEMBERME tokens. To exploit this, an attacker would need to know a user's secret password hash, which is not obtainable without another security issue. Administrators will see a warning banner on the homepage asking them to change the APP_SECRET.
Generate a new random 32 character string with openssl rand -hex 32 and put the value for APP_SECRET into your .env.local or into the environment section of your docker-compose.yaml.
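The rotation step above as an added shell example, not part of the Part-DB release notes: it generates the secret the way the notes describe and replaces (or appends) the APP_SECRET line in .env.local without leaving a half-written file behind. The function names and the temp-file scheme are assumptions; for a docker-compose.yaml deployment the value goes into the environment section by hand instead.

```shell
#!/bin/sh
# Added example (not Part-DB's own code): rotate APP_SECRET in a .env.local file.
set -eu

# Generate the new secret as the release notes suggest; fall back to
# /dev/urandom when openssl is not installed (same 64 hex chars either way).
generate_secret() {
  if command -v openssl >/dev/null 2>&1; then
    openssl rand -hex 32
  else
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
  fi
}

# Replace or append APP_SECRET=... in the given env file. Writes go through a
# temp file and a rename, so an interrupted run never truncates .env.local.
set_app_secret() {
  file=$1
  secret=$2
  tmp="$file.tmp.$$"
  [ -f "$file" ] || : > "$file"
  grep -v '^APP_SECRET=' "$file" > "$tmp" || true   # grep exits 1 on no match
  printf 'APP_SECRET=%s\n' "$secret" >> "$tmp"
  mv "$tmp" "$file"
}

# Read back the effective (last) APP_SECRET value, for verification.
get_app_secret() {
  sed -n 's/^APP_SECRET=//p' "$1" | tail -n 1
}

# Rotate the secret and verify the file now carries a different value.
rotate_app_secret() {
  file=${1:-.env.local}
  old=$( [ -f "$file" ] && get_app_secret "$file" || true )
  new=$(generate_secret)
  set_app_secret "$file" "$new"
  [ "$(get_app_secret "$file")" = "$new" ] || { echo "rotation failed" >&2; return 1; }
  [ "$new" != "$old" ] || { echo "secret unchanged" >&2; return 1; }
  echo "APP_SECRET rotated in $file; restart Part-DB so old REMEMBERME tokens stop validating"
}
```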
Other changes
- Updated dependencies to fix known security issues in Symfony and Twig
- Updated KiCad symbol and footprint lists