This is an automated email from the ASF dual-hosted git repository.
brondsem pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/allura.git
The following commit(s) were added to refs/heads/master by this push:
new 4efffe10d publicize security fix in CHANGES file
4efffe10d is described below
commit 4efffe10d70200f80f4b9d8dfecabdccbc637757
Author: Dave Brondsema <[email protected]>
AuthorDate: Mon Jun 10 12:03:30 2024 -0400
publicize security fix in CHANGES file
---
CHANGES | 3 +++
1 file changed, 3 insertions(+)
diff --git a/CHANGES b/CHANGES
index 54a507069..9afcfb0c7 100644
--- a/CHANGES
+++ b/CHANGES
@@ -17,6 +17,9 @@ Upgrade Instructions
- optionally `session.read_original_format = true` and rename
`session.validate_key` to `session.original_format_validate_key` for backwards
compatibility. Remove after a transition period
- optionally `session.write_original_format = true` if it takes a while to
deploy all your code to multiple hosts/procs. Then remove once all processes
have new code.
+Critical Security Fix
+ * [#8561] CVE 2024-36471 DNS rebinding during imports
+
Breaking Changes
* [#8556] deprecate has_access(..)() syntax. Custom extensions using this
syntax will need to remove the second ()
