Hey everyone, We just published openwisp-controller 0.8.4 on PYPI <https://pypi.org/project/openwisp-controller/0.8.4/> which contains the security patch with some other small fixes. We took utmost care to not introduce any breaking changes. Ideally, you should be able to upgrade to this version from 0.8.3 without any issues. If you face any problem, do let us now. You can read the release notes <https://github.com/openwisp/openwisp-controller/releases/tag/0.8.4> for more details.
We urge everyone to upgrade to the this latest version. Best, Gagan Deep On Saturday, April 10, 2021 at 12:03:35 AM UTC+5:30 f.capoano wrote: > Clarification: the bug is affecting 0.7.x and 0.8.x. > We're preparing version 0.8.4 which patches the issues. > > 0.7.x will remain unpatched so I urge anybody using that version to plan > an upgrade. > > Best regards > *Federico Capoano* > OpenWISP OÜ > Harjumaa, Tallinn, Sepapaja tn 6, 15551 > VAT: EE101989729 > *openwisp.io* <http://openwisp.io> > > > On Fri, Apr 9, 2021 at 12:14 PM Federico Capoano <[email protected]> > wrote: > >> We found some low security issues >> <https://docs.djangoproject.com/en/dev/internals/security/#how-django-discloses-security-issues> >> >> with OpenWISP Controller 0.7.x which allow members of organizations to find >> out UUIDs and other bits of information of other organizations, which in >> turn may be used to try to obtain more information. >> >> We are preparing a security release to address these issues. WIll keep >> you updated. >> >> Best regards >> *Federico Capoano* >> > -- You received this message because you are subscribed to the Google Groups "OpenWISP" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web, visit https://groups.google.com/d/msgid/openwisp/7299e86b-2414-475d-b189-ffae212e939cn%40googlegroups.com.
