github passbolt/passbolt_api v3.12.2
Stille Einfuegen

latest releases: v4.10.0-test.1, v4.9.1, v4.9.1-test.1...
18 months ago

Song: https://soundcloud.com/acidpauli/stille-einfugen

This is a small security release of the API only. It addresses an information leak issue while creating a resource with encrypted description and misusing the API. A client could inadvertently insert an unencrypted version of the description along with its encrypted version in the database.

If you want to know more about the issue, checkout the incident report.

[3.12.2] - 2023-04-26

Security

  • PB-24315 As signed-in user creating resources with encrypted description the API should not store unencrypted descriptions even if provided by the client
  • PB-24316 Cleanup description of resources with resource type password and description

Don't miss a new passbolt_api release

NewReleases is sending notifications on new releases.