[Cubicweb] [ANNOUNCE] cubicweb 3.18.8, 3.19.8, 3.20.2 released

Julien Cristau julien.cristau at logilab.fr
Mon Jan 26 13:42:16 CET 2015


Hi,

3 new cubicweb releases are out fixing an important security issue.  The
bug allowed creating entities with no permission checks in a corner case
where no attributes were being set at creation time.

Affected releases:
- 3.18.6 and 3.18.7
- 3.19.4 to 3.19.7
- 3.20.0 and 3.20.1

Fixed releases:
- 3.18.8
- 3.19.8
- 3.20.2

The 3.17 and earlier branches are not affected (but are also no longer
supported).

We'd like to thank Christophe de Vienne for reporting the issue and
Aurelien Campeas for helping with the fix.

Cheers,
Julien
-- 
Julien Cristau          <julien.cristau at logilab.fr>
Logilab		        http://www.logilab.fr/
Informatique scientifique & gestion de connaissances



More information about the Cubicweb mailing list