This release includes an important security fix, so upgrading is strongly recommended.
An HTTP endpoint was found which exposed expvar runtime information (memory usage, goroutine counts, GC behavior, uptime and potential runtime flags) due to the Prometheus client library dependency. While this information is not typically sensitive in the sense of revealing secrets or private data, it could potentially be used by an attacker to understand more about your system. A special thanks to @lisegmbh for responsibly disclosing the vulnerability.
Security
- Prevent potential information disclosure via indirect expvar library (Prometheus)
Chore
- Add tooltip to messages nav dropdown
- Update GitHub Actions
- Update Go dependencies
- Update node dependencies