tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-04-08 17:15:08 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update CHANGELOG

Browse Source
This commit is contained in:
Johannes Meyer 2022-03-04 16:39:53 +01:00
parent c478a5413d
commit 1d80b88bf6
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
CHANGELOG.md
View File

@ -4,6 +4,19 @@ Please make sure to always read our [Upgrading](doc/80-Upgrading.md) documentati
## What's New
### What's New in Version 2.8.6
**Notice**: This is a security release. It is recommended to upgrade to this release if you don't plan to upgrade to v2.9.0.
#### Security Fixes
This release includes two security related fixes. Both were published as part of a security advisory on Github.
They allow admins to run arbitrary PHP code just by accessing the UI and may disclose unwanted details to
restricted users. Please check the respective advisory for details.
* SSH resources allow arbitrary code execution for authenticated users [GHSA-v9mv-h52f-7g63](https://github.com/Icinga/icingaweb2/security/advisories/GHSA-v9mv-h52f-7g63)
* Unwanted disclosure of hosts and related data, linked to decommissioned services [GHSA-qcmg-vr56-x9wf](https://github.com/Icinga/icingaweb2/security/advisories/GHSA-qcmg-vr56-x9wf)
### What's New in Version 2.8.5
This minor release backports two small fixes to the v2.8.x branch: