From 6e755a26f9cc07976b2083a3cb0613bf1d5d6390 Mon Sep 17 00:00:00 2001
From: Ozzie Isaacs
Date: Sat, 21 Oct 2023 14:33:22 +0200
Subject: [PATCH] Version update

Updated security file
---
 SECURITY.md | 7 +++++++
 cps/constants.py | 2 +-
 setup.cfg | 1 +
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/SECURITY.md b/SECURITY.md
index f37c62dc..e4ab1a8d 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -38,6 +38,13 @@ To receive fixes for security vulnerabilities it is required to always upgrade t
 | V 0.6.18 | Possible SQL Injection is prevented in user table Thanks to Iman Sharafaldin (Forward Security) |CVE-2022-30765|
 | V 0.6.18 | The SSRF protection no longer can be bypassed by IPV6/IPV4 embedding. Thanks to @416e6e61 |CVE-2022-0939|
 | V 0.6.18 | The SSRF protection no longer can be bypassed to connect to other servers in the local network. Thanks to @michaellrowley |CVE-2022-0990|
+| V 0.6.20 | Credentials for emails are now stored encrypted ||
+| V 0.6.20 | Login is rate limited ||
+| V 0.6.20 | Passwordstrength can be forced ||
+| V 0.6.21 | SMTP server credentials are no longer returned to client ||
+| V 0.6.21 | Cross-site scripting (XSS) stored in href bypasses filter using data wrapper no longer possible ||
+| V 0.6.21 | Cross-site scripting (XSS) is no longer possible via pathchooser ||
+| V 0.6.21 | Error Handling at non existent rating, language, and user downloaded books was fixed ||
 
 ## Statement regarding Log4j (CVE-2021-44228 and related)
 
diff --git a/cps/constants.py b/cps/constants.py
index 08a16a19..e8c52a68 100644
--- a/cps/constants.py
+++ b/cps/constants.py
@@ -163,7 +163,7 @@ def selected_roles(dictionary):
 BookMeta = namedtuple('BookMeta', 'file_path, extension, title, author, cover, description, tags, series, '
                                   'series_id, languages, publisher, pubdate, identifiers')
 
-STABLE_VERSION = {'version': '0.6.21'}
+STABLE_VERSION = {'version': '0.6.22 Beta'}
 
 NIGHTLY_VERSION = dict()
 NIGHTLY_VERSION[0] = '$Format:%H$'
diff --git a/setup.cfg b/setup.cfg
index 4dd18210..4bcd1a11 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -58,6 +58,7 @@ install_requires =
     chardet>=3.0.0,<4.1.0
     advocate>=1.0.0,<1.1.0
     Flask-Limiter>=2.3.0,<3.5.0
+
 
 [options.packages.find]
 where = src