🔒 Security release
This release bumps some of our dependencies and also addresses several security issues. Please update at your earliest convenience, after taking a backup and verifying that the backup works.
What's Changed
🔒 Security fixes
CVE-2022-25768 - Improper access control in UI upgrade process - Reported by @mollux, fixed by @mollux and tested/reviewed by @escopecz and @patrykgruszka in GHSA-x3jx-5w6m-q2fc
CVE-2024-47058 - Cross-site Scripting (XSS) - stored (edit form) - Reported by @MatisAct, fixed by @lenonleite and tested/reviewed by @escopecz and @avikarshasaha in GHSA-xv68-rrmw-9xwf
CVE-2024-47050 - Cross-site Scripting (XSS) in contact/company tracking - Reported by @mqrtin, fixed by @patrykgruszka and tested/reviewed by @escopecz in GHSA-73gr-32wg-qhh7
CVE-2021-27917 - Cross-site Scripting (XSS) in contact tracking and page hits report - Reported by @patrykgruszka, fixed by @lenonleite and tested/reviewed by @escopecz and @lenonleite in GHSA-xpc5-rr39-v8v2
CVE-2022-25770 - Removal of upgrade.php file which can have insufficient authentication - Reported and fixed by @mollux, tested/reviewed by @kuzmany, @escopecz and @patrykgruszka in GHSA-qf6m-6m4g-rmrc
🪵 Changelog
Full Changelog: 4.4.12...4.4.13
SHA1(4.4.13.zip)= adce771ee8e35947c9d7c1dcc25bbbbb105a82a0
SHA1(4.4.13-update.zip)= 004862cd0e3786b5b7309e438a28e677ce0a542b