mirror of https://github.com/asterisk/asterisk
Asterisk Development Team
4 months ago
parent
db0788cd35
commit
3b79feb88a
@ -1 +1 @@
|
||||
ChangeLogs/ChangeLog-certified-20.7-cert3.md
|
||||
ChangeLogs/ChangeLog-certified-20.7-cert4.md
|
||||
@ -0,0 +1,65 @@
|
||||
|
||||
## Change Log for Release asterisk-certified-20.7-cert4
|
||||
|
||||
### Links:
|
||||
|
||||
- [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-certified-20.7-cert4.md)
|
||||
- [GitHub Diff](https://github.com/asterisk/asterisk/compare/certified-20.7-cert3...certified-20.7-cert4)
|
||||
- [Tarball](https://downloads.asterisk.org/pub/telephony/certified-asterisk/asterisk-certified-20.7-cert4.tar.gz)
|
||||
- [Downloads](https://downloads.asterisk.org/pub/telephony/certified-asterisk)
|
||||
|
||||
### Summary:
|
||||
|
||||
- Commits: 1
|
||||
- Commit Authors: 1
|
||||
- Issues Resolved: 0
|
||||
- Security Advisories Resolved: 1
|
||||
- [GHSA-33x6-fj46-6rfh](https://github.com/asterisk/asterisk/security/advisories/GHSA-33x6-fj46-6rfh): Path traversal via AMI ListCategories allows access to outside files
|
||||
|
||||
### User Notes:
|
||||
|
||||
- #### manager.c: Restrict ListCategories to the configuration directory.
|
||||
The ListCategories AMI action now restricts files to the
|
||||
configured configuration directory.
|
||||
|
||||
|
||||
### Upgrade Notes:
|
||||
|
||||
|
||||
### Commit Authors:
|
||||
|
||||
- Ben Ford: (1)
|
||||
|
||||
## Issue and Commit Detail:
|
||||
|
||||
### Closed Issues:
|
||||
|
||||
- !GHSA-33x6-fj46-6rfh: Path traversal via AMI ListCategories allows access to outside files
|
||||
|
||||
### Commits By Author:
|
||||
|
||||
- #### Ben Ford (1):
|
||||
- manager.c: Restrict ListCategories to the configuration directory.
|
||||
|
||||
|
||||
### Commit List:
|
||||
|
||||
- manager.c: Restrict ListCategories to the configuration directory.
|
||||
|
||||
### Commit Details:
|
||||
|
||||
#### manager.c: Restrict ListCategories to the configuration directory.
|
||||
Author: Ben Ford
|
||||
Date: 2024-12-17
|
||||
|
||||
When using the ListCategories AMI action, it was possible to traverse
|
||||
upwards through the directories to files outside of the configured
|
||||
configuration directory. This action is now restricted to the configured
|
||||
directory and an error will now be returned if the specified file is
|
||||
outside of this limitation.
|
||||
|
||||
Resolves: #GHSA-33x6-fj46-6rfh
|
||||
|
||||
UserNote: The ListCategories AMI action now restricts files to the
|
||||
configured configuration directory.
|
||||
|
||||
Loading…
Reference in new issue