go-ipfs v0.11.1 Release
This patch release covers a couple of security fixes.
Malformed DAG Traversal
This patch release fixes a security issue wherein traversing some malformed DAGs can cause the node to panic.
This was backported from v0.12.2, since some users haven't yet gone through the v0.12 migration.
See also the security advisory: GHSA-mcq2-w56r-5w2w
Docker Compose Ports
This patch release fixes a security issue with the docker-compose.yaml file in which the IPFS daemon API listens on all interfaces instead of only the loopback interface, which could allow remote callers to control your IPFS daemon. If you use the included docker-compose.yaml file, it is recommended to upgrade.
See also the security advisory: GHSA-fx5p-f64h-93xc
Thanks to @LynHyper for finding and disclosing this.
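To check your own compose file for the binding problem described above, the following added example (not code from go-ipfs) flags short-syntax port mappings that publish the API or gateway port on a non-loopback address. The sample file, the `SENSITIVE` table and the function names are constructed for illustration; it assumes single ports in short syntax (no ranges, no long-form `target:`/`published:` entries).

```python
import ipaddress

# Constructed sample, not the project's file. IPFS defaults: 4001 swarm (public), 5001 API, 8080 gateway.
SAMPLE = """\
services:
  ipfs:
    image: ipfs/go-ipfs
    ports:
      - "4001:4001"
      - "5001:5001"
      - "0.0.0.0:8080:8080"
      - "127.0.0.1:5002:5001"
      - "[::1]:8081:8080/tcp"
"""

SENSITIVE = {5001: "API", 8080: "gateway"}  # container ports to keep on loopback

def parse_port(spec):
    """Parse [HOST_IP:][HOST_PORT:]CONTAINER_PORT[/PROTO] into (host_ip, container_port)."""
    spec = spec.strip().strip("\"'").split("/")[0]
    if spec.startswith("["):  # bracketed IPv6 host address
        host, _, rest = spec[1:].partition("]:")
    else:
        parts = spec.rsplit(":", 2)
        host, rest = (parts[0], parts[-1]) if len(parts) == 3 else (None, parts[-1])
    return host, int(rest.rsplit(":", 1)[-1])

def is_loopback(host):
    """With no host IP, Docker publishes the port on all interfaces."""
    return host is not None and ipaddress.ip_address(host).is_loopback

def exposed_ports(compose_text):
    """Return (mapping, port name) for sensitive ports not bound to loopback."""
    findings, in_ports = [], False
    for line in compose_text.splitlines():
        item = line.strip()
        if item == "ports:":
            in_ports = True
        elif in_ports and item.startswith("- "):
            host, container_port = parse_port(item[2:])
            if container_port in SENSITIVE and not is_loopback(host):
                findings.append((item[2:].strip("\"'"), SENSITIVE[container_port]))
        elif item:
            in_ports = False  # any other key ends the ports list
    return findings

if __name__ == "__main__":
    for mapping, name in exposed_ports(SAMPLE):
        print(f"{mapping}: {name} port is published on a non-loopback address")
```

A mapping is reported when its host address is missing or is not a loopback address; prefixing it with `127.0.0.1:` clears the finding.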
Changelog
Full Changelog
- github.com/ipfs/go-ipfs:
  - fix: listen on loopback for API and gateway ports in docker-compose.yaml
- github.com/ipld/go-codec-dagpb (v1.3.0 -> v1.3.2):
  - fix: use protowire for Links bytes decoding

❤ Contributors
| Contributor | Commits | Lines ± | Files Changed |
|---|---|---|---|
| Rod Vagg | 1 | +34/-19 | 2 |
| guseggert | 1 | +10/-3 | 1 |