Update 0.3.5.md

Stefan Pejcic 2024-11-07 18:16:36 +01:00 committed by GitHub
parent 00732e9778
commit c6df945ed5
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -13,6 +13,16 @@ Not yet released.
- [Error IDs](https://i.postimg.cc/dtC3M7Mq/500.png) to help administrators trace OpenPanel errors with the new command [`opencli error`](https://dev.openpanel.com/cli/error.html).
- [`opencli domais-delete` command](https://dev.openpanel.com/cli/domains.html#Delete-Domain).
### ️🚨 Security fixes
- *Insecure Permission Modification via Fix Permission Function* vulnerability in 'OpenPanel > Files > Fix Permissions' allowed an attacker to access other files outside of the `/home/username/` directory within the user's container.
- *Remote Code Execution via Fix Permission* vulnerability in 'OpenPanel > Files > Fix Permissions' allowed an attacker to execute commands inside the OpenPanel UI container which is accessible to all users.
- *Remote Code Execution via Change Time Zone* vulnerability in 'OpenPanel > Server > Change TimeZone' allowed an attacker to execute commands inside the OpenPanel UI container which is accessible to all users.
- *Unauthorized File Access via Copy Function* vulnerability in 'copy' function on the 'OpenPanel > File Manager' page allowed an attacker to access files from the OpenPanel UI container.
- *Unauthorized File Access via Compress Function* vulnerability in 'compress' function on the 'OpenPanel > File Manager' page allowed an attacker to compress files from the OpenPanel UI container.
- *Unauthorized File Access* vulnerability in the url parsing on 'OpenPanel > File Manager' page allowed an attacker to access files from the OpenPanel UI container.
- *Unauthorized File Access via Download Function* vulnerability in 'download' function on the 'OpenPanel > File Manager' page allowed an attacker to download files from the OpenPanel UI container.
- *Unauthorized File Access via View Function* path traversal vulnerability in 'view file' function on the 'OpenPanel > File Manager' page allowed an attacker to manipulate the file path and view files from the OpenPanel UI container.
### 🐛 Bug fixes
- [#66](https://github.com/stefanpejcic/OpenPanel/issues/66), [#265](https://github.com/stefanpejcic/OpenPanel/issues/265), [#266](https://github.com/stefanpejcic/OpenPanel/issues/266), [#268](https://github.com/stefanpejcic/OpenPanel/issues/268), [#269](https://github.com/stefanpejcic/OpenPanel/issues/269), [#271](https://github.com/stefanpejcic/OpenPanel/issues/271)
- Fixed bugs with [install script on Debian12 Hetzner ISO](https://community.openpanel.org/d/110-installation-issue/6).
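Review bot: the first added bullet, *Insecure Permission Modification via Fix Permission Function*, describes its impact as being able to "access other files" outside `/home/username/`, which does not match its title; state whether the attacker could change permissions on those files, read them, or both. The two *Remote Code Execution* bullets end with "which is accessible to all users", and it is unclear whether that clause refers to the OpenPanel UI container or to the vulnerable page; if the container is meant, "the OpenPanel UI container, which is shared by all users" would remove the ambiguity. The unchanged line above the new section reads `opencli domais-delete` while its link points to `domains.html#Delete-Domain`, so the command name looks misspelled and could be corrected in the same file.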
@ -24,13 +34,3 @@ Not yet released.
- Optimized `openpanel/openpanel:latest` docker image.
- `git` and `apparmor` are now installed automatically on Debian12.
### ️🚨 Security fixes
- *Insecure Permission Modification via Fix Permission Function* vulnerability in 'OpenPanel > Files > Fix Permissions' allowed an attacker to access other files outside of the `/home/username/` directory within the user's container.
- *Remote Code Execution via Fix Permission* vulnerability in 'OpenPanel > Files > Fix Permissions' allowed an attacker to execute commands inside the OpenPanel UI container which is accessible to all users.
- *Remote Code Execution via Change Time Zone* vulnerability in 'OpenPanel > Server > Change TimeZone' allowed an attacker to execute commands inside the OpenPanel UI container which is accessible to all users.
- *Unauthorized File Access via Copy Function* vulnerability in 'copy' function on the 'OpenPanel > File Manager' page allowed an attacker to access files from the OpenPanel UI container.
- *Unauthorized File Access via Compress Function* vulnerability in 'compress' function on the 'OpenPanel > File Manager' page allowed an attacker to compress files from the OpenPanel UI container.
- *Unauthorized File Access* vulnerability in the url parsing on 'OpenPanel > File Manager' page allowed an attacker to access files from the OpenPanel UI container.
- *Unauthorized File Access via Download Function* vulnerability in 'download' function on the 'OpenPanel > File Manager' page allowed an attacker to download files from the OpenPanel UI container.
- *Unauthorized File Access via View Function* path traversal vulnerability in 'view file' function on the 'OpenPanel > File Manager' page allowed an attacker to manipulate the file path and view files from the OpenPanel UI container.
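Review bot: the commit message "Update 0.3.5.md" does not say that this is only a reorder: the Security fixes block removed here, after the `git` and `apparmor` line, carries the same eight entries that the first hunk adds above Bug fixes. A subject such as "0.3.5 changelog: move Security fixes above Bug fixes" would let someone reading the history see that no security entry was added, dropped or reworded. Since the section is being touched anyway, the sixth entry, *Unauthorized File Access*, is the only one without a "via ..." qualifier and writes "url" in lowercase; naming it after the URL parsing it describes would keep the eight titles distinguishable.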