No release notes / mentions of vulnerabilities #1445
Comments
|
Thank you for bringing this issue up. I used cockpit on a couple of projects and was missing some kind of changelog or release notes as well. Maybe someone, who is more into the project, could give us his opinion on this. I personally think of something like https://keepachangelog.com/en/1.0.0/ What do you think? |
|
@MarcoDaniels Thank you very much, I must have missed this one. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Our cockpit instances were breached due to not running 0.11.2 yet.
There is no mention of any vulnerability or fix thereof except for in the commit messages (that only mention it being a "possible" vulnerability, implying it could also be safe). Is it possible to do some automatic release notes based on the git commit names that are part of the releases? Or at least put mentions of these breaches in the main readme.
For those interested, breach information: https://portswigger.net/daily-swig/cockpit-cms-flaws-exposed-web-servers-to-nosql-injection-exploits
The text was updated successfully, but these errors were encountered: