Upates for new release

2022-01-24 19:18:40 +01:00 · 2022-01-24 19:18:40 +01:00 · e0e0422010
parent 01ab75a158
commit e0e0422010
2 changed files with 4 additions and 1 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@ -29,6 +29,9 @@ To receive fixes for security vulnerabilities it is required to always upgrade t
 | V 0.6.15      | Cross-Site Scripting vulnerability on uploaded cover file names. Thanks to @ibarrionuevo                           ||
 | V 0.6.15      | Creating public shelfs is now denied if user is missing the edit public shelf right. Thanks to @ibarrionuevo       ||
 | V 0.6.15      | Changed error message in case of trying to delete a shelf unauthorized. Thanks to @ibarrionuevo                    ||
+| V 0.6.16      | JavaScript could get executed on authors page. Thanks to @alicaz                                                   ||
+| V 0.6.16      | Localhost can no longer be used to upload covers. Thanks to @scara31                                               ||
+| V 0.6.16      | Another case where public shelfs could be created without permission is prevented. Thanks to @ibarrionuevo         ||


 ## Staement regarding Log4j (CVE-2021-44228 and related)
--- a/cps/constants.py
+++ b/cps/constants.py
@ -151,7 +151,7 @@ def selected_roles(dictionary):
 BookMeta = namedtuple('BookMeta', 'file_path, extension, title, author, cover, description, tags, series, '
                                  'series_id, languages, publisher')

-STABLE_VERSION = {'version': '0.6.16 Beta'}
+STABLE_VERSION = {'version': '0.6.16'}

 NIGHTLY_VERSION = {}
 NIGHTLY_VERSION[0] = '$Format:%H$'