SolidInvoice

v2.3.17 Security

This release includes 2 security fixes relevant to security teams reviewing exposed deployments.

Published 16d Productivity & Wikis
This release patches 2 known CVEs

Topics

billing billing-application invoice invoicing invoicing-application quotes

Affected surfaces

auth

Summary

AI summary

Fixed stored XSS via SVG logo uploads and added hashing of all API tokens.

Full changelog

Thank you to @hackfaiz for reporting the security vulnerabilities.

Full Changelog: https://github.com/SolidInvoice/SolidInvoice/compare/2.3.16...2.3.17

Security Fixes

  • CVE-2026-46489 — Prevented stored XSS via SVG logo uploads
  • CVE-2026-46622 — Hashed all API tokens in the database


About SolidInvoice

Simple and elegant invoicing solution.
