This is an automated email from the ASF dual-hosted git repository. brondsem pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/allura.git
The following commit(s) were added to refs/heads/master by this push: new 4efffe10d publicize security fix in CHANGES file 4efffe10d is described below commit 4efffe10d70200f80f4b9d8dfecabdccbc637757 Author: Dave Brondsema <dbronds...@slashdotmedia.com> AuthorDate: Mon Jun 10 12:03:30 2024 -0400 publicize security fix in CHANGES file --- CHANGES | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGES b/CHANGES index 54a507069..9afcfb0c7 100644 --- a/CHANGES +++ b/CHANGES @@ -17,6 +17,9 @@ Upgrade Instructions - optionally `session.read_original_format = true` and rename `session.validate_key` to `session.original_format_validate_key` for backwards compatibility. Remove after a transition period - optionally `session.write_original_format = true` if it takes a while to deploy all your code to multiple hosts/procs. Then remove once all processes have new code. +Critical Security Fix + * [#8561] CVE 2024-36471 DNS rebinding during imports + Breaking Changes * [#8556] deprecate has_access(..)() syntax. Custom extensions using this syntax will need to remove the second ()