mirror of
https://github.com/stefanpejcic/openpanel
synced 2025-06-26 18:28:26 +00:00
Update 0.3.5.md
parent
00732e9778
commit
c6df945ed5
@ -13,6 +13,16 @@ Not yet released.
|
||||
- [Error IDs](https://i.postimg.cc/dtC3M7Mq/500.png) to help administrators trace OpenPanel errors with the new command [`opencli error`](https://dev.openpanel.com/cli/error.html).
|
||||
- [`opencli domais-delete` command](https://dev.openpanel.com/cli/domains.html#Delete-Domain).
|
||||
|
||||
### ️🚨 Security fixes
|
||||
- *Insecure Permission Modification via Fix Permission Function* – vulnerability in 'OpenPanel > Files > Fix Permissions' allowed an attacker to access other files outside of the `/home/username/` directory within the user's container.
|
||||
- *Remote Code Execution via Fix Permission* – vulnerability in 'OpenPanel > Files > Fix Permissions' allowed an attacker to execute commands inside the OpenPanel UI container which is accessible to all users.
|
||||
- *Remote Code Execution via Change Time Zone* – vulnerability in 'OpenPanel > Server > Change TimeZone' allowed an attacker to execute commands inside the OpenPanel UI container which is accessible to all users.
|
||||
- *Unauthorized File Access via Copy Function* – vulnerability in 'copy' function on the 'OpenPanel > File Manager' page allowed an attacker to access files from the OpenPanel UI container.
|
||||
- *Unauthorized File Access via Compress Function* – vulnerability in 'compress' function on the 'OpenPanel > File Manager' page allowed an attacker to compress files from the OpenPanel UI container.
|
||||
- *Unauthorized File Access* – vulnerability in the url parsing on 'OpenPanel > File Manager' page allowed an attacker to access files from the OpenPanel UI container.
|
||||
- *Unauthorized File Access via Download Function* – vulnerability in 'download' function on the 'OpenPanel > File Manager' page allowed an attacker to download files from the OpenPanel UI container.
|
||||
- *Unauthorized File Access via View Function* – path traversal vulnerability in 'view file' function on the 'OpenPanel > File Manager' page allowed an attacker to manipulate the file path and view files from the OpenPanel UI container.
|
||||
|
||||
### 🐛 Bug fixes
|
||||
- [#66](https://github.com/stefanpejcic/OpenPanel/issues/66), [#265](https://github.com/stefanpejcic/OpenPanel/issues/265), [#266](https://github.com/stefanpejcic/OpenPanel/issues/266), [#268](https://github.com/stefanpejcic/OpenPanel/issues/268), [#269](https://github.com/stefanpejcic/OpenPanel/issues/269), [#271](https://github.com/stefanpejcic/OpenPanel/issues/271)
|
||||
- Fixed bugs with [install script on Debian12 Hetzner ISO](https://community.openpanel.org/d/110-installation-issue/6).
|
||||
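Review bot: The eight entries added under "Security fixes" carry no issue, advisory or reporter reference, while the "Bug fixes" list directly below links each item to its issue number. Since the section sits under "Not yet released", consider adding a reference per entry and stating which versions are affected, so administrators can tell whether they need to update. Two smaller points in the same region: the sixth entry is titled only *Unauthorized File Access* where the other file-access entries use a "via … Function" qualifier, and it writes "url" in lower case; and the unchanged context line above reads `opencli domais-delete`, which looks like a typo for `domains-delete` given that its link target is `domains.html#Delete-Domain`.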
@ -24,13 +34,3 @@ Not yet released.
|
||||
- Optimized `openpanel/openpanel:latest` docker image.
|
||||
- `git` and `apparmor` are now installed automatically on Debian12.
|
||||
|
||||
### ️🚨 Security fixes
|
||||
- *Insecure Permission Modification via Fix Permission Function* – vulnerability in 'OpenPanel > Files > Fix Permissions' allowed an attacker to access other files outside of the `/home/username/` directory within the user's container.
|
||||
- *Remote Code Execution via Fix Permission* – vulnerability in 'OpenPanel > Files > Fix Permissions' allowed an attacker to execute commands inside the OpenPanel UI container which is accessible to all users.
|
||||
- *Remote Code Execution via Change Time Zone* – vulnerability in 'OpenPanel > Server > Change TimeZone' allowed an attacker to execute commands inside the OpenPanel UI container which is accessible to all users.
|
||||
- *Unauthorized File Access via Copy Function* – vulnerability in 'copy' function on the 'OpenPanel > File Manager' page allowed an attacker to access files from the OpenPanel UI container.
|
||||
- *Unauthorized File Access via Compress Function* – vulnerability in 'compress' function on the 'OpenPanel > File Manager' page allowed an attacker to compress files from the OpenPanel UI container.
|
||||
- *Unauthorized File Access* – vulnerability in the url parsing on 'OpenPanel > File Manager' page allowed an attacker to access files from the OpenPanel UI container.
|
||||
- *Unauthorized File Access via Download Function* – vulnerability in 'download' function on the 'OpenPanel > File Manager' page allowed an attacker to download files from the OpenPanel UI container.
|
||||
- *Unauthorized File Access via View Function* – path traversal vulnerability in 'view file' function on the 'OpenPanel > File Manager' page allowed an attacker to manipulate the file path and view files from the OpenPanel UI container.
|
||||
|
||||
|
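Review bot: The block removed here at the end of the file reads the same, entry for entry, as the block added before "Bug fixes" in the first hunk, so this is a move with no wording change, but the commit message "Update 0.3.5.md" does not say that. A message such as "Move Security fixes above Bug fixes in 0.3.5 changelog" would let a reader of the history see that no security entry was added, dropped or reworded. It is also worth confirming that the file still ends cleanly after the `git` and `apparmor` item, with no leftover blank lines from the removed section.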