Skip to content
Snippets Groups Projects
Select Git revision
  • q-based-learning-progress
  • customization/univie-dev
  • 2.x protected
  • sst-cleanup
  • 2.7 protected
  • master default protected
  • content-group-updating
  • ldap-and-sso-auth-endpoints
  • api-proxy-path-handling
  • account-activation-reset
  • pac4j-saml-npe
  • fix-motd-npe
  • pac4j-saml
  • dev-docs
  • spring-message-to-stomp-adapter
  • publish-room-access
  • pwd-reset-mail-with-key
  • ci-docker
  • lms-caching
  • 2.6 protected
  • v2.7.4 protected
  • v2.7.3 protected
  • v2.7.2 protected
  • v2.7.1 protected
  • v2.6.4 protected
  • v2.5.10 protected
  • v2.7.0 protected
  • v2.6.3 protected
  • v2.5.9 protected
  • v2.6.2 protected
  • v2.5.8 protected
  • v2.6.1 protected
  • v2.6.0 protected
  • v2.5.7 protected
  • v2.5.6 protected
  • v2.5.5 protected
  • v2.5.4 protected
  • v2.5.3 protected
  • v2.5.2 protected
  • v2.5.1 protected
40 results
Blame History Permalink
To find the state of this project's repository at the time of any of these versions, check out the tags.
CHANGELOG.md 7.39 KiB

Changelog

2.3.4

This release fixes a minor security vulnerability which allowed an attacker to remove a MotD from a session without being the creator.

Additional changes:

  • Libraries have been upgraded to fix potential bugs

2.3.3

This release fixes a security vulnerability caused by the CORS implementation. Origins allowed for CORS can now be set in the configuration via security.cors.origins. (Reported by Rainer Rillke at Wikimedia)

Additional changes:

  • Libraries have been upgraded to fix potential bugs

2.2.2

This release fixes a security vulnerability caused by the CORS implementation. Origins allowed for CORS can now be set in the configuration via security.cors.origins. (Reported by Rainer Rillke at Wikimedia)

Additional changes:

  • Libraries have been upgraded to fix potential bugs

2.1.2

This release fixes a security vulnerability caused by the CORS implementation. Support for cross-origin requests has been removed. Use ARSnova version 2.2 or newer for proper CORS. (Reported by Rainer Rillke at Wikimedia)

Additional changes:

  • Libraries have been upgraded to fix potential bugs

2.0.4

This release fixes a security vulnerability caused by the CORS implementation. Support for cross-origin requests has been removed. Use ARSnova version 2.2 or newer for proper CORS. (Reported by Rainer Rillke at Wikimedia)

Additional changes:

  • Libraries have been upgraded to fix potential bugs

2.3.2

This release fixes a security vulnerability in the account management API. It is highly recommended to upgrade if you are using database authentication.

Additional changes:

  • Libraries have been upgraded to fix potential bugs

2.2.1

This release fixes a security vulnerability in the account management API. It is highly recommended to upgrade if you are using database authentication.

Additional bug fixes:

  • The security.authentication.login-try-limit setting now works as intended.

2.1.1

This release fixes a security vulnerability in the account management API. It is highly recommended to upgrade if you are using database authentication.

Additional changes:

  • Libraries have been upgraded to fix potential bugs

2.0.3

This release fixes a security vulnerability in the account management API. It is highly recommended to upgrade if you are using database authentication.

Additional changes:

  • Libraries have been upgraded to fix potential bugs
  • Some unnecessary log warnings for Websocket communication are filtered

2.3.1

Bug fixes:

  • Case-insensitive user IDs are now correctly handled for LDAP authentication.
  • LDAP authentication does no longer request unnecessary user attributes.