website/docs: add CVE-2023-48228 to release notes

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens Langhammer 2023-11-21 18:13:41 +01:00
parent b88e39411c
commit 2814a8e951
No known key found for this signature in database
2 changed files with 6 additions and 1 deletions

View File

@ -161,6 +161,7 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2023.10
- providers/proxy: Fix duplicate cookies when using file system store. (cherry-pick #7541) (#7544) - providers/proxy: Fix duplicate cookies when using file system store. (cherry-pick #7541) (#7544)
- providers/scim: fix missing schemas attribute for User and Group (cherry-pick #7477) (#7596) - providers/scim: fix missing schemas attribute for User and Group (cherry-pick #7477) (#7596)
- root: specify node and python versions in respective config files, deduplicate in CI (#7620) - root: specify node and python versions in respective config files, deduplicate in CI (#7620)
- security: fix [CVE-2023-48228](../../security/CVE-2023-48228.md), Reported by [@Sapd](https://github.com/Sapd) (#7666)
- stages/email: use uuid for email confirmation token instead of username (cherry-pick #7581) (#7584) - stages/email: use uuid for email confirmation token instead of username (cherry-pick #7581) (#7584)
- web/admin: fix admins not able to delete MFA devices (#7660) - web/admin: fix admins not able to delete MFA devices (#7660)

View File

@ -157,7 +157,11 @@ image:
## Fixed in 2023.8.4 ## Fixed in 2023.8.4
- \*: fix [GHSA-rjvp-29xq-f62w](../security/GHSA-rjvp-29xq-f62w), Reported by [@devSparkle](https://github.com/devSparkle) - security: fix [GHSA-rjvp-29xq-f62w](../security/GHSA-rjvp-29xq-f62w), Reported by [@devSparkle](https://github.com/devSparkle)
## Fixed in 2023.8.5
- security: fix [CVE-2023-48228](../../security/CVE-2023-48228.md), Reported by [@Sapd](https://github.com/Sapd) (#7666)
## API Changes ## API Changes