GlobaLeaks

v5.0.93 Security

This release includes 3 security fixes for security teams reviewing exposed deployments.

Published 20d Secrets & Credentials
✓ No known CVEs patched
This release patches 3 known CVEs

Topics

accessibility angular anonymity anticorruption bootstrap debian
digital-human-rights digital-public-goods dompurify free-software libsodium privacy python security sqlalchemy tor twisted typescript whistleblowing

Affected surfaces

auth rbac

ReleasePort's take

Light signal
editorial:auto 9d

Release v5.0.93 adds security hardening for tenant isolation and SQLite connections.

Why it matters: Security enhancements block cross‑tenant file downloads via UUIDs, limiting data leakage; tightening SQLite connection handling reduces injection risk. Severity score of 50 indicates moderate impact across affected surfaces.

Summary

AI summary

Security enhancements prevent cross‑tenant file access and tighten SQLite connections.

Changes in this release

Security Medium

Enhance isolation checks for tenant boundaries

Source: llm_adapter@2026-05-21

Confidence: high

Security Medium

Correct roles checking on network config

Source: llm_adapter@2026-05-21

Confidence: high

Security Medium

Revise masking functions in relation to additional questionnaire

Source: llm_adapter@2026-05-21

Confidence: high

Security Medium

Limit context and recipients association to users of the same tenant

Source: llm_adapter@2026-05-21

Confidence: high

Security Medium

Ensure whistleblowers could not download files that are private to recipients even knowing the UUID

Source: llm_adapter@2026-05-21

Confidence: low

Security Medium

Prevent whistleblowers from downloading private files via UUID

Source: granite4.1:30b@2026-05-22-audit

Confidence: low

Dependency Medium

Bump angular to 20.3.21

Source: llm_adapter@2026-05-21

Confidence: low

Dependency Medium

Bump client dependencies to their latest stable version

Source: llm_adapter@2026-05-21

Confidence: low

Performance Medium

Tighten SQLite connection hardening

Source: llm_adapter@2026-05-21

Confidence: high

Full changelog

Changes in version 5.0.93

  • Implement security enhancements following auditors' suggestions:
    -- Enhance isolation checks for tenant boundaries
    -- Correct roles checking on network config
    -- Revise masking functions in relation to additional questionnaire
    -- Limit context and recipients association to users of the same tenant
    -- Ensure whistleblowers could not download files that are private to recipients even knowing the UUID
    -- Tighten SQLite connection hardening
  • Bump angular to 20.3.21
  • Bump client dependencies to their latest stable version

Security Fixes

  • Prevent whistleblowers from downloading files private to other recipients even with UUID knowledge
  • Enhance tenant boundary isolation checks and roles validation on network config
  • Tighten SQLite connection hardening

About GlobaLeaks

Whistleblowing software enabling anyone to easily set up and maintain a secure reporting platform.
