From 53482ee74a003b63455618891e6b62e4148a3a3b Mon Sep 17 00:00:00 2001 From: Jett Wang Date: Fri, 17 May 2024 14:24:50 +0800 Subject: [PATCH] 2024-05-17 14:24:48 : Security Update --- SECURITY.md | 19 +++++++++++++++++++ assets/buildinfo.txt | 12 ++++++------ 2 files changed, 25 insertions(+), 6 deletions(-) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..30052a71 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,19 @@ +## Security Update: XSS Vulnerability Fix + +We have released a new version (v8.0.7) that addresses a critical security vulnerability related to cross-site scripting (XSS). The issue was found in the `errmsg` parameter handling in the login endpoint. + +### Affected Versions +- Versions 8.0.1 ~ 8.0.7 + +### Fixed Versions +- Version v8.0.8 + +### Recommended Actions +We strongly recommend all users to update to the latest version (1.0.3) immediately. You can update your project by following the instructions in our documentation. + +### Reporting Security Issues +If you find any security issues, please report them to [jamiesun.net@gmail.com](mailto:jamiesun.net@gmail.com). We appreciate your help in keeping our project secure. + +Thank you for your attention to this important update. + +- The Security Team diff --git a/assets/buildinfo.txt b/assets/buildinfo.txt index 81d7bcf3..b464f649 100644 --- a/assets/buildinfo.txt +++ b/assets/buildinfo.txt 
@@ -1,8 +1,8 @@ -BuildVersion=latest v8.0.7 2024-05-17 13:47:07 +BuildVersion=latest v8.0.7 2024-05-17 14:24:48 ReleaseVersion=v8.0.7 -BuildTime=2024-05-17 13:47:07 +BuildTime=2024-05-17 14:24:48 BuildName=toughradius -CommitID=b4611353205746fcd10466dda836545c0cc59b37 -CommitDate=Thu, 16 May 2024 16:33:04 +0800 -CommitUser=jamiesun.net@gmail.com -CommitSubject=2024-05-16 16:32:57 : fix text error +CommitID=21a608ca5ffa2387294f22facb31d49daf9b6df3 +CommitDate=Fri, 17 May 2024 13:50:28 +0800 +CommitUser=noreply@github.com +CommitSubject=Bump golang.org/x/net from 0.19.0 to 0.23.0 (#169)
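Review bot: The version numbers in the new SECURITY.md contradict each other. The opening paragraph says the fix shipped in v8.0.7, "Affected Versions" lists 8.0.1 ~ 8.0.7 (which includes v8.0.7), "Fixed Versions" names v8.0.8, and "Recommended Actions" tells users to update to "the latest version (1.0.3)". A reader cannot tell from this whether v8.0.7 is vulnerable or patched. Please settle on a single fixed version, make the affected range end before it, and replace the 1.0.3 reference with that version. Also note that the diffstat shows only SECURITY.md and assets/buildinfo.txt changing, so the `errmsg` handling fix is not in this commit. The advisory should reference the commit or release that contains the fix so users can verify it.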
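Review bot: In assets/buildinfo.txt, `ReleaseVersion` stays at v8.0.7 while the SECURITY.md added in the same commit lists v8.0.8 as the fixed version, so a build from this tree still identifies itself as a version the advisory marks as affected. Bump `ReleaseVersion` and `BuildVersion` here if this commit is meant to be the fixed release. Separately, `CommitID` and `CommitSubject` now point at the golang.org/x/net bump (#169), not at a commit whose subject mentions the XSS fix, and `CommitUser` becomes noreply@github.com. Because this file is committed, it always describes the previous commit. Generating it at build time instead of checking it in would keep the recorded commit accurate for anyone auditing which fix a binary contains.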