2019.1.8
·
2 commits
to stable-2019.1
since this release
This is the eighth hotfix for 2019.1 and contains the fix for the security vulnerability around unauthenticated access to the select users dialog AND the fix for the security vulnerability around unauthenticated access to files within the 'manager' directory.
See GHSA-79w4-xjfh-9rmf and GHSA-vjw3-62cq-7xgg.
Note: This hotfix introduces a new privilege, LIST_USERS, which protects the select users dialogs across openEQUELLA. After applying the hotfix, no users will be granted this privilege by default. Your administrators will need to grant this privilege to the relevant users/groups/roles.