Hi,

My apologies, the Docker images hadn't pushed correctly. They've been pushed since for 4.0.13, 5.0.7, and 6.0.2.

Christian

On Wed, Jan 17, 2024 at 2:08 PM RBUser <sholland...@gmail.com> wrote:

> When will the docker images for these new releases be published?
>
> On Tuesday, January 16, 2024 at 2:31:17 PM UTC-5 Christian Hammond wrote:
>
>> Hi everyone,
>>
>> Today's releases address a security bug discovered in-house with one of
>> our APIs, and fix stability issues in Review Board 6.
>>
>> See the release announcement
>> <https://www.reviewboard.org/news/2024/01/16/review-board-security-bugfix-releases-6-0-2--5-0-7--4-0-13--3-0-26/>
>> for full details in this release, and links to the release notes. We'll go
>> over the security issue here.
>>
>>
>> *API Security Fix*
>>
>> We discovered a security issue with two of our APIs while performing an
>> in-house performance audit of our code. This allows a user with legitimate
>> access to a Review Board server to craft a specific API request that
>> returns diff content they wouldn't normally have permission to access
>> (draft diffs or published diffs associated with a private repository or
>> invite-only review group).
>>
>> Users *cannot* exploit this bug without legitimate access to the Review
>> Board server (or the Local Site server partition, if used).
>>
>> We aren't aware of this vulnerability being used in the wild. It requires
>> making use of an optional header when accessing these APIs, plus knowledge
>> of internal database APIs for published diffs.
>>
>> As part of fixing this security issue, we've done the following:
>>
>> 1. We sent patches (and custom builds as needed) to our customers
>>    with Premium Support contracts.
>> 2. We audited the remainder of our APIs. This type of issue was not found
>>    anywhere else.
>> 3. We improved our testing infrastructure so that this type of issue would
>>    be found automatically going forward.
>>
>> We recommend that everyone upgrade to the appropriate release of Review
>> Board.
>>
>>
>> Thanks to our Review Board Support <https://www.reviewboard.org/support/>
>> customers who have tested the patches for these releases.
>>
>> Christian
>>
>> --
>> Christian Hammond
>> President/CEO of Beanbag <https://www.beanbaginc.com/>
>> Makers of Review Board <https://www.reviewboard.org/>