This 2.12.6 release fixes a security issue - the severity of the CVE is Low. All issues fixed in this release are subject to public disclosure on June 17, 2022. Please make sure to update your systems in time.
We would like to thank hoangnguyen for responsibly disclosing and assisting with the fixing this security issue.
What's Changed
- Fixed a security issue which allowed anyone to see the values of a room's settings (#3508)
- The only information accessible was the value of the 5 toggles in the room settings modal (whether it was true or false)
- No access codes or "private" information is visible
- Updated multiple gems for security reasons (#3497, #3480, #3459)