This release fixes several security vulnerabilities. Please upgrade ASAP!
- Security fix: Mitigate a privilege escalation through mass assignment by fixing the `updated_ajax` action of the admin `UsersController` to permit only legitimate params. Thanks to Joshua Martinelle from Tenable for reporting this.
- Security fix: Sanitize fields, comments, and metas against XSS attacks. Thanks to glno815 for reporting this.
- Removed Gemfile.lock from .gitignore, as recommended
- Explicitly require `logger`, because concurrent-ruby no longer does this
- Avoid duplicate CI jobs
- Restrict Chromedriver to the 124.x series and selenium-webdriver to 4.23.0 to avoid test failures:
  Selenium isn't keeping pace with Chrome's development of the WebDriver BiDi protocol, so several tests were
  failing intermittently, and with Chromedriver 134.x the suite became totally unusable. Let's wait for future fixes.
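The two security fixes above are both allowlisting problems: only permit the request params a user is entitled to change, and escape user-controlled text before it reaches HTML. The snippet below is an added example written for these release notes, not code from this project; it uses plain Ruby (a `Struct` in place of a model, a hand-rolled `permit` standing in for Rails strong parameters) and the names `User`, `vulnerable_update`, `hardened_update` and `sanitize_text` are illustrative assumptions, as is the constructed attacker request.

```ruby
# Added example, not the project's own code. Names such as User, vulnerable_update,
# hardened_update and sanitize_text are illustrative assumptions.
require 'erb'

# Minimal stand-in for a model with a privileged attribute (assumption).
User = Struct.new(:name, :email, :admin, keyword_init: true)

# VULNERABLE pattern (the "before"): every key in the request is written to the
# record, so an ordinary user who sends admin=true escalates to administrator.
def vulnerable_update(user, params)
  params.each { |k, v| user[k.to_sym] = v if user.members.include?(k.to_sym) }
  user
end

# HARDENED pattern: an explicit allowlist, the way strong parameters'
# `params.require(:user).permit(:name, :email)` behaves. Anything not listed,
# including :admin, is dropped before it can touch the record.
PERMITTED_USER_PARAMS = %i[name email].freeze

def permit(params, allowed)
  params.each_with_object({}) do |(k, v), out|
    key = k.to_sym
    out[key] = v if allowed.include?(key)
  end
end

def hardened_update(user, params)
  permit(params, PERMITTED_USER_PARAMS).each { |k, v| user[k] = v }
  user
end

# XSS side: escape user-controlled text before it is rendered. ERB::Util.html_escape
# (Ruby stdlib) turns <, >, &, " and ' into entities, so an injected <script>
# tag is displayed as text instead of executed.
def sanitize_text(value)
  ERB::Util.html_escape(value.to_s)
end

# Constructed attacker request: normal fields plus a smuggled admin flag and a
# script payload in a free-text field.
ATTACK_PARAMS = {
  'name'  => '<script>alert(1)</script>',
  'email' => 'mallory@example.com',
  'admin' => true
}.freeze

# Runs both update paths against the same request and returns what a reviewer
# would check: did the admin flag get through, and is the name safe to render?
def demo
  before = vulnerable_update(User.new(admin: false), ATTACK_PARAMS)
  after  = hardened_update(User.new(admin: false), ATTACK_PARAMS)
  {
    vulnerable_admin: before.admin,   # true: privilege escalation
    hardened_admin:   after.admin,    # false: flag dropped by the allowlist
    escaped_name:     sanitize_text(after.name)
  }
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |k, v| puts "#{k}: #{v.inspect}" }
end
```

In a real Rails controller the equivalent check is that the `permit` call for the admin users action lists exactly the attributes an administrator may set and nothing derived from the caller's own role, and that every rendered field goes through the view's escaping rather than `raw`/`html_safe`.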