bufferUnderrun
opened 5 years ago
-
Do you have a sort of mailing list or another way to contact you for things that are not really issues but we need to discuss ?
-
I am fixing all found security vulnerabilities and will release a patch version soon. For discussions, you may just create an issue with discussion type.
-
For now, please do not expose your onedev service to outside as some security vulnerabilities are quite severe (result in remote code execution and leak code access token)
-
you mean all vulnerabilites have not been fix, some are still in v4.0.1 ?
-
4.0.1 fixes most severe ones. And 4.0.2 will fix all found vulnerabilities.
-
Previous Value Current Value Open
Closed
-
All found security vulnerabilities are now fixed in build #1014
-
Thanks !!
| Type |
Question
|
| Priority |
Normal
|
| Assignee |
Issue Votes (0)
Watchers (2)
Hi Robin,
It seems your last commits fix some security vulnerabilties.
Can you provide a build with theses updates and in a more general way as soon as you fix security issues ?
Our onedev service is exposed outside our organisation so it must be secure as soon as possible.
Thanks