Wavelog

v2.4.2 Security

This release includes 1 security fix, relevant to security teams reviewing exposed deployments.

Published 25d Productivity & Wikis
✓ No known CVEs patched
This release patches 1 known CVE

Topics

adif analytics cabrillo clublog eqsl ham-radio hamradio hamradio-application hamradio-logbook logbook logging lotw qrzcom self-hosted web web-based-logger

Summary

AI summary

Critical vulnerability fixed affecting all Wavelog installations from version 1.8 onward.

Full changelog

Important Security Update

This release fixes a critical vulnerability affecting all existing Wavelog installations from version 1.8 onward. While we have no indication of exploitation in the wild, the risk profile changes once the fix is public and we recommend updating to 2.4.2 promptly.
If you cannot update right away, block external access to the /install/ directory at your webserver level as a temporary mitigation.

A full security advisory will be published in approximately 30 days.
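
One way to apply the temporary mitigation on nginx, as an added example that is not taken from the Wavelog project: two location blocks to place inside the existing `server { ... }` block that serves Wavelog. It assumes Wavelog is served from the site root, so the installer is reachable at `/install/`; adjust the prefix if your instance lives under a sub-path.

```nginx
# Added example (not Wavelog's own configuration).
# Assumption: Wavelog is served from the site root, so the installer
# directory is reachable at /install/.

# Refuse every request below /install/.
# The "^~" modifier makes this prefix match final: nginx does not go on
# to test regex locations, so an existing "location ~ \.php$" handler
# never receives /install/*.php and cannot pass it to PHP.
location ^~ /install/ {
    return 403;
}

# Refuse the bare path as well, instead of letting nginx answer it with
# a redirect to /install/.
location = /install {
    return 403;
}
```

After reloading nginx, a request from an outside host such as `curl -s -o /dev/null -w '%{http_code}\n' https://log.example.org/install/` (constructed hostname) should print `403`.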

Changes

  • Add lightweight search page for qrz.com embedding (by @tallcode)
  • Added User-Agent for JWKS request in SSO implementation (by @HadleySo)
  • Added ability to skip the first login wizard for clubstation members on first login (by @HadleySo)
  • Fixed logout redirect when SSO is enabled (by @HadleySo)
  • Fixed a bug where a bandplan saved/adjusted by the instance owner wasn't correctly processed for the user (by @int2001)
  • Added automatic DXCC-Lookup at 1st login Wizard (by @int2001)
  • Made the selectable OQRS delivery methods configurable (by @int2001)
  • Fixed a bug for Notes where titles could be "null" (by @int2001)
  • Added an option to print the OP-Field also on a label (by @int2001)
  • Added SIG/SIG_INFO to LBA-Batchedit (by @int2001)
  • Fixed the duplicate check in the Advanced Logbook. In some cases, it would not show duplicates (by @AndreasK79)
  • Fixed the 13cm band designator in cabrillo export (by @phl0)
  • Made last LoTW upload check a bit more specific (by @phl0)
  • Added links to eqsl.cc and Clublog for callbook search results (by @phl0)
  • Added propagation modes GWAVE and LOS (by @phl0)
  • Fixed some vulnerabilities in the installer (by @HB9HIL, found by BA7LAC)
  • Fixed a bug in CAT URL handling with http and https (by @HB9HIL)

Security Fixes

  • Fixed critical vulnerability affecting all Wavelog installations from version 1.8 onward; temporary mitigation: block external access to /install/ directory.

About Wavelog

Web-based logging software for radio amateurs. Enhanced QSO logging, statistics and maps for your browser.