github workadventure/workadventure v1.32.7

4 hours ago

Security fix

A specially crafted payload sent to the map-storage PATCH endpoint could cause the map-storage container to crash. The attacks need valid credentials to the map-storage server (which can be common for SAAS or WorkAdventure instances controlled via an AdminAPI. Congrats to https://positive.security/ on their responsible disclosure.

  • Backporting fast-json-patch revert to hotfix branch by @moufmouf in #6317

Bug fixes

  • Backporting to hotfix: Switching Screenshare to AV1 encoding by @moufmouf in #6319
  • fix(map-storage): release S3 sockets on client disconnect to prevent agent pool exhaustion by @moufmouf in #6325

Full Changelog: v1.32.6...v1.32.7

Don't miss a new workadventure release

NewReleases is sending notifications on new releases.