FYI -------- Forwarded Message -------- Subject: [gluon] [ANNOUNCE][SECURITY] Gluon v2021.1.2 Date: Thu, 5 May 2022 19:38:00 +0200 From: Matthias Schiffer <mschiffer@universe-factory.net> To: gluon@luebeck.freifunk.net CC: Freifunk Firmware Entwicklung <firmware-devel@freifunk.net>, WLANware <wlanware@freifunk.net> Hi everyone, with mixed feelings, we're announcing the release of Gluon v2021.1.2. **This version fixes a critical vulnerability in the autoupdater:** https://github.com/freifunk-gluon/gluon/security/advisories/GHSA-xqhj-fmc7-f... All nodes with autoupdater must be updated. Furthermore, the new release also contains the usual round of smaller fixes and other improvements, including a low-severity security issue allowing Cross-Site Request Forgery in the config mode. The full list of changes can be found in the release notes as usual: https://gluon.readthedocs.io/en/latest/releases/v2021.1.2.html In addition to v2021.1.x, we have pushed the autoupdater bugfix to the v2020.2.x, v2020.1.x, v2019.1.x and v2018.2.x branches. -- NeoRaider