Release version 2.4.1

72659b09 · Daniel Gerhardt · 098902f9 · 72659b09 · 72659b09
Commit 72659b09 authored Jul 06, 2016 by Daniel Gerhardt
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 1 deletion

CHANGELOG.md CHANGELOG.md +12 -0

pom.xml pom.xml +1 -1

No files found.
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
 # Changelog

+## 2.4.1
+This release fixes a security vulnerability caused by the CORS implementation.
+Origins allowed for CORS can now be set in the configuration via
+`security.cors.origins`. (Reported by Rainer Rillke at Wikimedia)
+
+Additionally, authentication via disabled services is now entirely blocked to
+fix a security vulnerability allowing guest access despite the setting
+`security.guest.enabled=false`. (Reported by Rainer Rillke at Wikimedia)
+
+Additional changes:
+* Libraries have been upgraded to fix potential bugs
+
 ## 2.3.3
 This release fixes a security vulnerability caused by the CORS implementation.
 Origins allowed for CORS can now be set in the configuration via

--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>de.thm.arsnova</groupId>
 	<artifactId>arsnova-backend</artifactId>
-	<version>2.4.1-SNAPSHOT</version>
+	<version>2.4.1</version>
 	<packaging>war</packaging>

 	<properties>