2020.1.6
·
8566 commits
to master
since this release
This is the sixth hotfix for 2020.1 and contains the fixes for the security vulnerabilities around unauthenticated access to the select users dialog AND the fix for the security vulnerability around unauthenticated access to files within the 'manager' directory.
See GHSA-79w4-xjfh-9rmf and GHSA-vjw3-62cq-7xgg
Note: This hotfix introduces a new privilege, LIST_USERS, which protects the select users dialogs across openEQUELLA. After applying the hotfix, no users will be granted this privilege by default. Your administrators will need to grant this privilege to the relevant users/groups/roles.