[ixpmanager-announce] [RELEASE] V5.7.0 - Security Fix, Small Bug Fixes and Minor Improvements / Features
Barry O'Donovan
barry.odonovan at inex.ie
Thu Aug 20 15:09:08 IST 2020
We are pleased to announce the immediate availability of IXP Manager
v5.7.0.
This release primarily fixes a XSS security issue in IXP Manager. It
also has a small number of bug fixes and improvements. All IX's running
< v5.7.0 are advised to upgrade. This release has a minor version bump
as there are two small database schema changes.
Full details are:
https://github.com/inex/IXP-Manager/releases/tag/v5.7.0
**Security Fix**
This release includes a fix for a XSS security bug in the looking glass
feature. The bug allows a potential attacker to provide an IXP Manager
user or administrator a crafted URL which would result in the execution
of supplied JavaScript within the user's browser.
Credit to Bart Vrancken (AbuseIO CERT) for responsibly disclosing this
issue.
- Barry
--
Kind regards,
Barry O'Donovan
INEX
More information about the ixpmanager-announce
mailing list