
Security and Bug Fix Release for v4.9

@barryo released this 08 Mar 16:54

This is a security and bug fix release for version v4.9.

If you are not yet running v4.9.0, please follow the release notes for v4.9.0 and upgrade to v4.9.0 first. (It is not necessary to upgrade to v4.9.1 or v4.9.2; you can go straight from v4.9.0 -> v4.9.3.)

## Quick Upgrade Instructions

This security and bug fix release only has code changes, so the upgrade process is simple: in your IXP Manager installation directory (referred to as ${IXPROOT} in the usual upgrade instructions), just run the following:

```
git fetch --all
git checkout v4.9.3
```

## Security Fixes

Fix an inventive XSS vulnerability with data retrieved via RIPE REST for AS objects. We have also added sanitisation to other services we pull data from. Thanks to Cynthia Revström for reporting this.

## Bug Fixes

  • [DB] Add remember_token to user entity (9682787)
  • [BF] Update UserController.php - allow . in usernames (fixes #507 with thanks to @listerr)
  • [BF] Remove hardcoded "INEX" in email subject. (fixes #506 with thanks to @listerr)