From 479f990d5981354c05c362700117fe086cd048a9 Mon Sep 17 00:00:00 2001 From: Johannes Meyer Date: Fri, 9 Jul 2021 11:43:52 +0200 Subject: [PATCH] Release version 2.8.3 --- CHANGELOG.md | 15 +++++++++++++++ VERSION | 2 +- library/Icinga/Application/Version.php | 2 +- modules/doc/module.info | 2 +- modules/migrate/module.info | 2 +- modules/monitoring/module.info | 2 +- modules/setup/module.info | 2 +- modules/test/module.info | 2 +- modules/translation/module.info | 2 +- 9 files changed, 23 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f994dfafb..2fac5e0a7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,21 @@ Please make sure to always read our [Upgrading](doc/80-Upgrading.md) documentati ## What's New +### What's New in Version 2.8.3 + +**Notice**: This is a security release. It is recommended to upgrade to this release if you don't plan to upgrade to v2.9.0. + +You can find all fixes related to this release on our [Project](https://github.com/Icinga/icingaweb2/projects/7). + +#### Security Fixes + +This release includes two security related fixes. Both were published as part of a security advisory on Github. +They allow the circumvention of custom variable protection rules and blacklists as well as a path traversal if +the `doc` module is enabled. Please check the respective advisory for details. + +* Custom variable protection and blacklists can be circumvented [GHSA-2xv9-886q-p7xx](https://github.com/Icinga/icingaweb2/security/advisories/GHSA-2xv9-886q-p7xx) +* Possible path traversal by use of the `doc` module [GHSA-cmgc-h4cx-3v43](https://github.com/Icinga/icingaweb2/security/advisories/GHSA-cmgc-h4cx-3v43) + ### What's New in Version 2.8.2 **Notice**: This is a security release. It is recommended to immediately upgrade to this release. diff --git a/VERSION b/VERSION index f671dd08e..37bf03162 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -v2.8.2 +v2.8.3 diff --git a/library/Icinga/Application/Version.php b/library/Icinga/Application/Version.php index a863cd439..19dfe7389 100644 --- a/library/Icinga/Application/Version.php +++ b/library/Icinga/Application/Version.php @@ -8,7 +8,7 @@ namespace Icinga\Application; */ class Version { - const VERSION = '2.8.2'; + const VERSION = '2.8.3'; /** * Get the version of this instance of Icinga Web 2 diff --git a/modules/doc/module.info b/modules/doc/module.info index 5adbceef5..97251612d 100644 --- a/modules/doc/module.info +++ b/modules/doc/module.info @@ -1,4 +1,4 @@ Module: doc -Version: 2.8.2 +Version: 2.8.3 Description: Documentation module Extracts, shows and exports documentation for Icinga Web 2 and its modules. diff --git a/modules/migrate/module.info b/modules/migrate/module.info index ef6e5aa1e..72e17023a 100644 --- a/modules/migrate/module.info +++ b/modules/migrate/module.info @@ -1,5 +1,5 @@ Module: migrate -Version: 2.8.2 +Version: 2.8.3 Description: Migrate module This module was introduced with the domain-aware authentication feature in version 2.5.0. It helps you migrating users and user configurations according to a given domain. diff --git a/modules/monitoring/module.info b/modules/monitoring/module.info index 6d3efdd32..58d0049ef 100644 --- a/modules/monitoring/module.info +++ b/modules/monitoring/module.info @@ -1,5 +1,5 @@ Module: monitoring -Version: 2.8.2 +Version: 2.8.3 Description: Icinga monitoring module IDO accessor and UI for your monitoring. This is the initial instalment for a graphical presentation of Icinga environments. The predecessor of Icinga DB. diff --git a/modules/setup/module.info b/modules/setup/module.info index d7eba9228..fcdd08c43 100644 --- a/modules/setup/module.info +++ b/modules/setup/module.info @@ -1,5 +1,5 @@ Module: setup -Version: 2.8.2 +Version: 2.8.3 Description: Setup module Web based wizard for setting up Icinga Web 2 and its modules. This includes the data backends (e.g. relational database, LDAP), diff --git a/modules/test/module.info b/modules/test/module.info index 4fcfeecd5..99cdbda40 100644 --- a/modules/test/module.info +++ b/modules/test/module.info @@ -1,5 +1,5 @@ Module: test -Version: 2.8.2 +Version: 2.8.3 Description: Translation module This module allows developers to run (unit) tests against Icinga Web 2 and any of its modules. Usually you do not need to enable this. diff --git a/modules/translation/module.info b/modules/translation/module.info index 196c63dce..432a26d6d 100644 --- a/modules/translation/module.info +++ b/modules/translation/module.info @@ -1,5 +1,5 @@ Module: translation -Version: 2.8.2 +Version: 2.8.3 Description: Translation module This module allows developers and translators to translate Icinga Web 2 and its modules for multiple languages. You do not need this module to run an