github engelsystem/engelsystem v3.4.1
Security update v3.4.1

latest release: v3.5.0
5 months ago

This release is based on the CCCamp23 release v3.4.0 and includes three security fixes.
For installation instructions, please read the README.

List of changes

Full Changelog: v3.4.0...v3.4.1

Functionality

  • Added session list to user settings

Fixes

  • Fixed error messages in Schedule import (CVE-2023-45152, severity low)
  • Expire all other sessions on password reset and when setting a new password (CVE-2023-45659, severity low)
  • Escape text output to prevent XSS (severity moderate to high)

"Under the hood"

  • Updated build dependencies

Don't miss a new engelsystem release

NewReleases is sending notifications on new releases.