munkireport/munkireport-php v5.6.3 on GitHub

5.6.3 (July 22, 2020)

Security release

This release patches a couple of issues found by the Datadog security team. The issues concern actions taken by authenticated users and vary from XSS vulnerabilities to SQL injection. Please update to the latest version of MunkiReport as soon as possible.

Again special thanks to Edouard Schweisguth from Datadog who wrote the security report and helped us resolve these issues.

SECURITY UPDATES

FIXES

Harden tablequery
Simplify postflight script
Make:module text field crash

MODULE UPDATES

munkireport/reportdata (v3.4 => v3.5)
munkireport/machine (v6.5 => v6.6)
munkireport/disk_report (v3.4 => v3.7)
munkireport/caching (v1.4 => v1.5)
munkireport/certificate (V1.4 => v1.5)
munkireport/comment (v3.2 => v4.0)
munkireport/devtools (v1.2 => v1.3)
munkireport/filevault_status (v1.5 => v1.6)
munkireport/homebrew (v1.2 => v1.3)
munkireport/homebrew_info (v1.2 => v1.3)
munkireport/managedinstalls (v2.5 => v2.6)
munkireport/munki_facts (v1.4 => v1.5)
munkireport/munkireportinfo (v1.6 => v1.7)
munkireport/network (v3.0 => v3.1)
munkireport/printer (v1.3 => v1.4)
munkireport/softwareupdate (v1.3 => v1.6)
munkireport/users (v1.4 => V1.7)

DEPENDENCY UPDATES

erusev/parsedown (1.7.4)
symfony/polyfill-php72 (v1.17.0 => v1.18.0)
symfony/polyfill-php70 (v1.18.0)
symfony/polyfill-intl-normalizer (v1.18.0)
symfony/polyfill-intl-idn (v1.17.0 => v1.18.0)
symfony/translation-contracts (v2.1.2 => v2.1.3)
symfony/polyfill-mbstring (v1.17.0 => v1.18.0)
symfony/polyfill-php80 (v1.17.0 => v1.18.0)
nesbot/carbon (2.35.0 => 2.36.1)
symfony/polyfill-php73 (v1.17.0 => v1.18.0)
symfony/service-contracts (v2.1.2 => v2.1.3)
symfony/polyfill-ctype (v1.17.0 => v1.18.0)
phpoption/phpoption (1.7.4 => 1.7.5)
vlucas/phpdotenv (v4.1.7 => v4.1.8)
tightenco/collect (v7.12.0 => v7.19.1)
doctrine/cache (1.10.1 => 1.10.2)

munkireport/munkireport-php v5.6.3 Munkireport 5.6.3 on GitHub

5.6.3 (July 22, 2020)

munkireport/munkireport-php v5.6.3
Munkireport 5.6.3

on GitHub