This is an automated email from the ASF dual-hosted git repository.
linkinstar pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/incubator-answer-website.git
The following commit(s) were added to refs/heads/main by this push:
new 687a32a03 docs(security): update security docs
687a32a03 is described below
commit 687a32a03d60ac6680b8b0142f97930a8c11a964
Author: LinkinStars <[email protected]>
AuthorDate: Sat Aug 10 10:47:55 2024 +0800
docs(security): update security docs
---
community/security.md | 16 +++++++++++++++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/community/security.md b/community/security.md
index 2fd07c35e..1dabba004 100644
--- a/community/security.md
+++ b/community/security.md
@@ -8,6 +8,20 @@ The Apache Software Foundation takes a rigorous stance on
eliminating security i
# Security fixes
+## v1.3.5
+
+### CVE-2024-41888
+
+The password reset link remains valid within its expiration period even after
it has been used. This could potentially lead to the link being misused or
hijacked.
+
+https://www.cve.org/CVERecord?id=CVE-2024-41888
+
+### CVE-2024-41890
+
+User sends multiple password reset emails, each containing a valid link.
Within the link's validity period, this could potentially lead to the link
being misused or hijacked.
+
+https://www.cve.org/CVERecord?id=CVE-2024-41890
+
## v1.2.5
### CVE-2024-29217
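Review bot: The CVE-2024-41890 text ("User sends multiple password reset emails, each containing a valid link.") describes a user action rather than the flaw, and its second sentence nearly repeats the CVE-2024-41888 entry above it, so the two are hard to tell apart. State the condition directly, for example "When a user requests several password reset emails, every link stays valid until it expires." Both entries under "## v1.3.5" also list only the problem; a closing sentence on what the release changes for reset links would tell readers what the upgrade gives them.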
@@ -42,4 +56,4 @@ https://www.cve.org/CVERecord?id=CVE-2024-23349
Under normal circumstances, a user can only bookmark a question once, and will
only increase the number of questions bookmarked once. However, repeat
submissions through the script can increase the number of collection of the
question many times.
-https://www.cve.org/CVERecord?id=CVE-2023-49619
\ No newline at end of file
+https://www.cve.org/CVERecord?id=CVE-2023-49619
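Review bot: The context paragraph just above the changed URL line mixes terms: it says "bookmark a question" and then "increase the number of collection of the question many times". Since this commit already touches the end of the file for the newline fix, consider rewording that phrase to use "bookmark" throughout, for example "increase the question's bookmark count many times".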