Summary

As part of a routine code review, a potential vulnerability was discovered affecting Registry versions 0.9.1 through 1.0.5. More details of this issue will be provided in mid-February.

Severity

The severity of this vulnerability will vary according to a given configuration, but will likely be High or Very High for most deployments.

Exposure

The exposure from this vulnerability is expected to be very low, as it is unlikely that this vulnerability has been exploited. Furthermore, in most versions (especially 0.9.4 and later) simple checks are likely to be available to determine if any exploit occurred.

Recommended Mitigation

Upgrade to COmanage Registry v1.0.6 or later.

Deployments using the develop branch may pull the latest code from that branch.

Alternate Mitigations

The project will be unable to provide any support or patches for earlier versions. Due to the way the fix was implemented, it is non-trivial to backport.

Discussion

More details of this issue will be provided in mid-February.
