0.9.7 Security update
      January 2023
      
Security release and vulnerability news
After a detailed security audit detected several vulnerabilities, we have released OpenCATS version 0.9.7, which corrects them.
Overview
@hansmach1ne identified a number of vulnerabilities in the ‘internal’ webpages, which require a valid username/password to reach. The project greatly appreciates that these vulnerabilities were checked and that mitigating PRs were proposed.
I’m very appreciative of the work that they’ve put in here and, once the release is produced, will share it on the project website.
Mitigation steps: I’d always recommend that users and admins read the security guidelines at https://github.com/opencats/OpenCATS/wiki/Security-Considerations and think carefully for themselves. The guidelines actually mention some of these ‘internal facing’ vulnerabilities.
We recommend that you upgrade your OpenCATS instance as soon as possible.
If you wish to apply a fix instead, please view the changes in the GitHub PR.
Thanks
We are extremely grateful to @hansmach1ne for finding these vulnerabilities and proposing remediation steps.
Support queries?
If you have any questions regarding this security fix, please visit the User support forums. If you have found an issue with the code, raise an issue on GitHub.
     
        