This release includes one security fix that is relevant to security teams reviewing exposed deployments.
Summary
AI summary: Fixes a mass-assignment authentication bypass vulnerability.
Full changelog
Releases coming thick and fast! 🏎️
We found (or rather someone told us about) a security issue where you could bypass auth quite simply, so we wanted to get that out as soon as possible. For that reason alone, we'd encourage upgrading as soon as possible. There are also some tweaks to the post search to respect any filters you have selected, and some HTML escaping fixes - thanks to all contributors as ever!
What's Changed
- Support for an annual plan too. by @mattwoberts in https://github.com/getfider/fider/pull/1516
- Fix mass assignment auth bypass in sign-in verification by @mattwoberts in https://github.com/getfider/fider/pull/1517
- Add rate limiting to sign-in verification code by @mattwoberts in https://github.com/getfider/fider/pull/1524
- fix(email): unescape HTML entities in rendered subject by @americodias in https://github.com/getfider/fider/pull/1513
- Harden post filter against edge cases by @lol2x in https://github.com/getfider/fider/pull/1515
New Contributors
- @americodias made their first contribution in https://github.com/getfider/fider/pull/1513
Full Changelog: https://github.com/getfider/fider/compare/v0.34.0...v0.35.0
Security Fixes
- Fix mass assignment auth bypass in sign-in verification (unspecified CVE)