Clarification: the bug is affecting 0.7.x and 0.8.x. We're preparing version 0.8.4 which patches the issues.
0.7.x will remain unpatched so I urge anybody using that version to plan an upgrade. Best regards *Federico Capoano* OpenWISP OÜ Harjumaa, Tallinn, Sepapaja tn 6, 15551 VAT: EE101989729 *openwisp.io* <http://openwisp.io> On Fri, Apr 9, 2021 at 12:14 PM Federico Capoano <[email protected]> wrote: > We found some low security issues > <https://docs.djangoproject.com/en/dev/internals/security/#how-django-discloses-security-issues> > with OpenWISP Controller 0.7.x which allow members of organizations to find > out UUIDs and other bits of information of other organizations, which in > turn may be used to try to obtain more information. > > We are preparing a security release to address these issues. WIll keep you > updated. > > Best regards > *Federico Capoano* > -- You received this message because you are subscribed to the Google Groups "OpenWISP" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web, visit https://groups.google.com/d/msgid/openwisp/CAAGgX6KGhZDaw3j-oEMDPPC6dCBB8jta%3DZSENzR%2B850uzPiYCg%40mail.gmail.com.
