v1.6.2
Fixed
- [Security] Fixes an authentication bypass vulerability that could allow a malicious actor to login as another user in the Panel without knowing that user's email or password.
Security Vulnerability Disclosure
Due to the severity of the vulnerability fixed in this release the technical details of the underlying bug have been embargoed until October 6th, 2021 @ 12:00 PST. At that time the following security release will become public detailing the underlying details of the vulnerability.
GHSA-5vfx-8w6m-h3v4
(High Severity) (CVSS 3.1: 8.1)
SHA256 Checksum
d6a5e0297fc8f62b2983fd90f0e2865594a3145ee8b1aef5de8c05a3e4df7a56 panel.tar.gz