github inex/IXP-Manager v7.3.1
v7.3.1 - Security release

4 hours ago

INEX is pleased to announce the immediate availability of IXP Manager v7.3.1. This is primarily a security release following a responsible disclosure from @9Bakabaka.

⚠️ All IXP Manager users should upgrade to v7.3.1.

Release Summary

git --no-pager diff --shortstat v7.3.0
 13 files changed, 266 insertions(+), 360 deletions(-)

Upgrade Instructions

The official upgrade instructions can be found here.


Security Advisory: Vulnerabilities Resolved in v7.3.1

Impact: High (Remote Code Execution)

Target Audience: All IXP Manager Administrators

Summary

We have released IXP Manager v7.3.1 to address a high-impact security vulnerability. All users are strongly urged to upgrade immediately.

Identified Issues

  1. Remote Code Execution (CVE-PENDING) (CVSS Base Severity: 9.9)
    A confirmed vulnerability allows an authenticated user to achieve remote code execution on the server running IXP Manager. The CVSS Base score is 9.9 (Critical). This was responsibly disclosed via GitHub's Security Advisories platform

Remediation

The vulnerability is addressed in this v7.3.1 release. Please upgrade to v7.3.1 as soon as possible.

Acknowledgments

We would like to sincerely thank @9Bakabaka for responsibly disclosing this issue, and for the detailed report which accompanied their disclosure.


Other Improvements

  • Refactoring markdown mailable classes.

Bug Fixes

  • A crash on the contact information page was fixed.
  • The API key view page now shows the token identifier and description.

Don't miss a new IXP-Manager release

NewReleases is sending notifications on new releases.