From 2814a8e9513de2d196ae61c2373983030ed86aa9 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 21 Nov 2023 18:13:41 +0100 Subject: [PATCH] website/docs: add CVE-2023-48228 to release notes Signed-off-by: Jens Langhammer --- website/docs/releases/2023/v2023.10.md | 1 + website/docs/releases/2023/v2023.8.md | 6 +++++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/website/docs/releases/2023/v2023.10.md b/website/docs/releases/2023/v2023.10.md index 6adfbf0d4..a1f74470c 100644 --- a/website/docs/releases/2023/v2023.10.md +++ b/website/docs/releases/2023/v2023.10.md @@ -161,6 +161,7 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2023.10 - providers/proxy: Fix duplicate cookies when using file system store. (cherry-pick #7541) (#7544) - providers/scim: fix missing schemas attribute for User and Group (cherry-pick #7477) (#7596) - root: specify node and python versions in respective config files, deduplicate in CI (#7620) +- security: fix [CVE-2023-48228](../../security/CVE-2023-48228.md), Reported by [@Sapd](https://github.com/Sapd) (#7666) - stages/email: use uuid for email confirmation token instead of username (cherry-pick #7581) (#7584) - web/admin: fix admins not able to delete MFA devices (#7660) diff --git a/website/docs/releases/2023/v2023.8.md b/website/docs/releases/2023/v2023.8.md index fc74e70e4..476a03caa 100644 --- a/website/docs/releases/2023/v2023.8.md +++ b/website/docs/releases/2023/v2023.8.md @@ -157,7 +157,11 @@ image: ## Fixed in 2023.8.4 -- \*: fix [GHSA-rjvp-29xq-f62w](../security/GHSA-rjvp-29xq-f62w), Reported by [@devSparkle](https://github.com/devSparkle) +- security: fix [GHSA-rjvp-29xq-f62w](../security/GHSA-rjvp-29xq-f62w), Reported by [@devSparkle](https://github.com/devSparkle) + +## Fixed in 2023.8.5 + +- security: fix [CVE-2023-48228](../../security/CVE-2023-48228.md), Reported by [@Sapd](https://github.com/Sapd) (#7666) ## API Changes