Skip to content

AIL Framework version 2.9 released with a critical security fix (CVE-2020-8545) and minor bugs fixed

Compare
Choose a tag to compare
@adulau adulau released this 03 Feb 15:34
· 1298 commits to master since this release
8770bf0

AIL Framework version 2.9 released with a critical security fix (CVE-2020-8545) and minor bugs fixed

This release of AIL includes a major security fix for CVE-2020-8545. The security vulnerability was in the handler of the global feed which could allow malicious feed providers to overwrite and potentially, execute Python code in the environment. This release also includes various bugs fixed. We urge users to upgrade as soon as possible.

Changes

  • [domain explorer] domains explorer v2, filter domains by daterange.
    [Terrtia]

Fix

  • [IPAddress] catch empty config error. [Terrtia]
  • [Global: already saved filename] save updated + filter duplicated
    items. [Terrtia]
  • [Global: filename provided by all feeders] avoid path tranversal.
    [Terrtia]
  • [Domain explorer UI] fix daterange pagination links. [Terrtia]
  • [Tag core] check if item_date type is an integer. [Terrtia]