Mirror of https://github.com/bitnami/containers.git, synced 2026-04-02 23:38:16 +08:00
8bee93b81143810b3879fae55873d565e858d7e4
This release contains important security fixes:

- Use of AES ECB block cipher mode without IV for encrypting secrets (SECURITY-304 / CVE-2017-2598)
- Items could be created with same name as existing item (SECURITY-321 / CVE-2017-2599)
- Node monitor data could be viewed by low privilege users (SECURITY-343 / CVE-2017-2600)
- Possible cross-site scripting vulnerability in jQuery bundled with timeline widget (SECURITY-349 / CVE-2011-4969)
- Persisted cross-site scripting vulnerability in parameter names and descriptions (SECURITY-353 / CVE-2017-2601)
- Outdated jbcrypt version bundled with Jenkins (SECURITY-354 / CVE-2015-0886)
- Pipeline metadata files not blacklisted in agent-to-master security subsystem (SECURITY-358 / CVE-2017-2602)
- User data leak in disconnected agents' config.xml API (SECURITY-362 / CVE-2017-2603)
- Low privilege users were able to act on administrative monitors (SECURITY-371 / CVE-2017-2604)
- Re-key admin monitor leaves behind unencrypted credentials in upgraded installations (SECURITY-376 / CVE-2017-2605)
- Internal API allowed access to item names that should not be visible (SECURITY-380 / CVE-2017-2606)
- Persisted cross-site scripting vulnerability in console notes (SECURITY-382 / CVE-2017-2607)
- XStream remote code execution vulnerability (SECURITY-383 / CVE-2017-2608)
- Information disclosure vulnerability in search suggestions (SECURITY-385 / CVE-2017-2609)
- Persisted cross-site scripting vulnerability in search suggestions (SECURITY-388 / CVE-2017-2610)
- Insufficient permission check for periodic processes (SECURITY-389 / CVE-2017-2611)
- Low privilege users were able to override JDK download credentials (SECURITY-392 / CVE-2017-2612)
- User creation CSRF using GET by admins (SECURITY-406 / CVE-2017-2613)
Languages: Shell 94.2%, Dockerfile 5.2%, Smarty 0.6%