🆕 We released OpenProject 15.4.2 today. This release contains several bug fixes and we highly recommend updating to the newest version.

See our release notes for details: https://openproject.org/docs/release-notes/15-4-2/

#OpenProject #ProjectManagement #Release #OpenSource #PatchRelease

🆕 We just released OpenProject 15.4.1. The release contains several bug fixes and we highly recommend updating to the newest version.

See our release notes for details: https://www.openproject.org/docs/release-notes/15-4-1/

#OpenProject #ProjectManagement #Release #OpenSource #PatchRelease

GitLab Security Update: Critical Patches Released

Date: April 24, 2024
CVE: Multiple (e.g., CVE-2024-4024, CVE-2024-2434)
Vulnerability Type: Authentication Issues, Path Traversal, DoS, Information Disclosure
CWE: [[CWE-287]], [[CWE-22]], [[CWE-400]], [[CWE-284]]
Sources: GitLab Security Release

Issue Summary

GitLab has released critical security updates (16.11.1, 16.10.4, 16.9.6) addressing multiple high and medium severity vulnerabilities across various versions. The identified issues include authentication bypass, path traversal, and denial of service attacks.

Technical Key findings

Key vulnerabilities allow unauthorized account access, server file reading, and service disruption due to inadequate input validation and authentication checks.

Table of security fixes

|Title|Severity|
|---|---|
|GitLab account takeover, under certain conditions, when using Bitbucket as an OAuth provider|High|
|Path Traversal leads to DoS and Restricted File Read|High|
|Unauthenticated ReDoS in FileFinder when using wildcard filters in project file search|High|
|Personal Access Token scopes not honoured by GraphQL subscriptions|Medium|
|Domain based restrictions bypass using a crafted email address|Medium|

Vulnerable products

• GitLab Community Edition (CE)
• GitLab Enterprise Edition (EE)all versions starting from 7.8 before 16.9.6all versions starting from 16.10 before 16.10.4 all versions starting from 16.11 before 16.11.1.

Impact assessment

Exploits could lead to account takeovers, unauthorized access to sensitive data, and significant service disruptions affecting availability and integrity.

Patches or workaround

Upgrading to the latest versions (16.11.1, 16.10.4, 16.9.6) is strongly recommended as they contain necessary security fixes. To update GitLab, see the Update page.

Tags

#GitLab #CVE-2024-4024 #CVE-2024-2434 #AuthenticationBypass #PathTraversal #DenialOfService #PatchRelease

Latest release 1.10.1

We’re happy to announce the release of a new patch for the Crystal 1.10 series, which comes with three bugfixes. To view full statistics and changes brought in by the patch release, please visit https://crystal-lang.org/2023/10/13/1.10.1-released/. Installation instructions can be found at https://crystal-lang.org/install/.

We are grateful to everyone who contributed for their work in enhancing the language.

Happy Crystalising🙂 !
#CrystalLang #Patchrelease