[eduVPN-deploy] [2023-02-10] Package Updates (3.x) *Security Update*
François Kooman
fkooman at deic.dk
Fri Feb 10 13:37:00 CET 2023
Hi all,
* vpn-user-portal: 3.3.1 [1]
* php-oauth2-server: 7.4.0, 7.5.0, 7.5.1, 7.5.2 [2]
* php-secookie: 6.2.0 [3]
Optional component used by some eduVPN / Let's Connect! installations:
* php-saml-sp: 2.1.1 [4]
Recently a security audit has been performed by Cure53. They found a
number of issues in the code that have been fixed in the latest
releases. We hope to update the CHANGES.md files early next week to
include all details and make the audit report available.
**PLEASE MAKE SURE TO INSTALL UPDATES AS SOON AS POSSIBLE!!**
Furthermore there is an assortment of other issues that have been solved
and improvements made that you can read about in the CHANGES.md files
and associated tickets. The Go components were rebuilt with a newer
version of the Go compiler on some platforms.
Let us know if you have any questions, remarks or suggestions!
Regards,
François
[1]
https://git.sr.ht/~fkooman/vpn-user-portal/tree/v3/item/CHANGES.md#331-2023-02-09
[2]
https://git.sr.ht/~fkooman/php-oauth2-server/tree/main/item/CHANGES.md#752-2023-02-09
[3]
https://git.sr.ht/~fkooman/php-secookie/tree/main/item/CHANGES.md#620-2023-02-08
[4]
https://git.sr.ht/~fkooman/php-saml-sp/tree/main/item/CHANGES.md#211-2023-02-01
More information about the eduVPN-deploy
mailing list