v3.12.2 ~ Stille Einfuegen (ce)
Release date: April 26th, 2023.
This is a small security release of the API only. It addresses an information leak issue while creating a resource with encrypted description and misusing the API. A client could inadvertently insert an unencrypted version of the description along with its encrypted version in the database.
If you want to know more about the issue, checkout the incident report.
API
Security
- PB-24315 As signed-in user creating resources with encrypted description the API should not store unencrypted descriptions even if provided by the client
- PB-24316 Cleanup description of resources with resource type password and description
"Stille Einfuegen"
Listen to the release song!