FYI
-------- Forwarded Message -------- Subject: [gluon] [ANNOUNCE][SECURITY] Gluon v2021.1.2 Date: Thu, 5 May 2022 19:38:00 +0200 From: Matthias Schiffer mschiffer@universe-factory.net To: gluon@luebeck.freifunk.net CC: Freifunk Firmware Entwicklung firmware-devel@freifunk.net, WLANware wlanware@freifunk.net
Hi everyone,
with mixed feelings, we're announcing the release of Gluon v2021.1.2. **This version fixes a critical vulnerability in the autoupdater:**
https://github.com/freifunk-gluon/gluon/security/advisories/GHSA-xqhj-fmc7-f...
All nodes with autoupdater must be updated.
Furthermore, the new release also contains the usual round of smaller fixes and other improvements, including a low-severity security issue allowing Cross-Site Request Forgery in the config mode. The full list of changes can be found in the release notes as usual:
https://gluon.readthedocs.io/en/latest/releases/v2021.1.2.html
In addition to v2021.1.x, we have pushed the autoupdater bugfix to the v2020.2.x, v2020.1.x, v2019.1.x and v2018.2.x branches.
-- NeoRaider
-
Jan-Tarek Butt