github pglombardo/PasswordPusher v1.69.4
v1.69.4 [LTS]: [Security] Fix method to bypass auth for anonymous file uploads
on GitHub

3 hours ago

This is an LTS release for those who do not wish to upgrade to version 2 of Password Pusher yet.

πŸ“ What’s Changed

A way to bypass authentication to create pushes with file attachments was discovered & reported by @pyuysig. This has been fixed in this release. We will be publishing the related Github Security Advisory soon.

Thanks to @pyuysig for the great report!

Security: Fix file upload authentication enforcement

πŸ›₯️ Docker Images

Available on Docker Hub:
https://hub.docker.com/r/pglombardo/pwpush

πŸƒβ€β™‚οΈ Run This Version

  1. Point DNS to your server (e.g. pwpush.example.com).
  2. Download docker-compose.yml or clone the repo.
  3. In docker-compose.yml, uncomment and set:
    • TLS_DOMAIN: 'pwpush.example.com' for automatic Let’s Encrypt TLS.
  4. Run: 
docker compose up -d

Open https://pwpush.example.com or alternatively http://your-ip:5100.

πŸ”— Useful Links

Check out latest releases or
releases around pglombardo/PasswordPusher v1.69.4

Don't miss a new PasswordPusher release

NewReleases is sending notifications on new releases.

Get notifications