From 669a4e4daea59036224bc4bccdf1e108cd6bd7a0 Mon Sep 17 00:00:00 2001 From: RussH Date: Mon, 30 Jan 2023 09:49:28 +0000 Subject: [PATCH 01/10] Create 2023-01-30-jan-security-and-vulnerabilities --- ...023-01-30-jan-security-and-vulnerabilities | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 _posts/2023-01-30-jan-security-and-vulnerabilities diff --git a/_posts/2023-01-30-jan-security-and-vulnerabilities b/_posts/2023-01-30-jan-security-and-vulnerabilities new file mode 100644 index 0000000..530c2b2 --- /dev/null +++ b/_posts/2023-01-30-jan-security-and-vulnerabilities 
@@ -0,0 +1,28 @@ +--- +layout: newsletter +title: "0.9.7 Security update" +category: newsletter +permalink: /news/2023/jan/ +--- + +## Security release and vulnerability news + +After a detailed security audit, we have released OpenCATS version 0.9.7 which detected and corrected several vulnerabilities. + +### Overview +@hansmach1ne identified a number of vulnerabilities on the 'internal' webpages and would require a valid username/password to reach. It's been greatly appreciated by the project that these vulnerabilities were checked and mitigating PR's proposed. + +I'm very appreciative of the work that they've put in here and once the release is produced will share it on the project website. + +Mitigation steps - I'd always recommend users / admins read the security guidelines and think carefully for themselves https://github.com/opencats/OpenCATS/wiki/Security-Considerations which actually include mention of some of these 'internal facing' vulnerabilities + +### Remediation +We recommend that you upgrade your opencats instance asap. + +If you wish to apply a fix instead, please view the changes in the github PR instead. + +### Thanks +We are extremely grateful to @hansmach1ne for finding these vulnerability and proposing remediation steps. + +### Support queries? +If you have any questions regarding this security fix, please visit the [User support forums](http://forums.opencat.org) or if you have found an issue with the code - then raise an [issue on github](http://github.com/opencats/opencats/issues) From c662097e7f39e5187716723dcc0faebb02a3430a Mon Sep 17 00:00:00 2001 From: RussH Date: Mon, 30 Jan 2023 09:52:13 +0000 Subject: [PATCH 02/10] Update index.html --- index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.html b/index.html index 783e1a8..cf382cb 100644 --- a/index.html +++ b/index.html @@ -11,7 +11,7 @@
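Review bot: the new post is created as `_posts/2023-01-30-jan-security-and-vulnerabilities` with no markup extension, so Jekyll's post filename pattern (date-title.extension) will not match it and the announcement will not render under `/news/2023/jan/`; name it `2023-01-30-jan-security-and-vulnerabilities.md` in this commit rather than correcting it later in the series with a separate create/delete pair (patches 07 and 08).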

The leading free & open applicant tracking system

-

Latest release v0.9.6 - Get it here.

+

Latest release v0.9.7 - Get it here.

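Review bot: the version bump to `v0.9.7 - Get it here` is the only visible change, and the link target is not shown in the hunk; confirm it points at the 0.9.7 release rather than a generic download page, and, because the accompanying advisory tells admins to upgrade as soon as possible, publish checksums or a signature for the release archive so upgraders can verify what they fetch.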
From 7baa87e06e5b487aa2f4a69be89c79973352c80b Mon Sep 17 00:00:00 2001 From: RussH Date: Mon, 30 Jan 2023 09:55:21 +0000 Subject: [PATCH 03/10] Update index.html --- index.html | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/index.html b/index.html index cf382cb..e8fcd9c 100644 --- a/index.html +++ b/index.html @@ -87,6 +87,10 @@

FAQs

What operating systems will be supported?
All current Linux distributions will continue to be supported, as are current WAMP/XAMP installations.
+ +
How are new Vulnerabilities tracked and closed?
+
Vulnerability announcements are made in the news section, however increased code scanning has resulted in more vulnerability detections in recent months - so we will publish a tracker with all known vulnerabilities against the most recent codebase and track the open/closed status.
+ From 6beaf3fe48902e98e87a01d79714dd03c086c3b5 Mon Sep 17 00:00:00 2001 From: RussH Date: Tue, 31 Jan 2023 17:15:59 +0000 Subject: [PATCH 04/10] Update index.html --- index.html | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/index.html b/index.html index e8fcd9c..1db1055 100644 --- a/index.html +++ b/index.html @@ -19,18 +19,9 @@
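Review bot: the added FAQ answer promises a tracker "with all known vulnerabilities against the most recent codebase" with open/closed status but gives no link and no location, so a reader cannot act on it; either link the tracker (GitHub Security Advisories on the OpenCATS repository would be the natural home) or state it as a plan with a target date. Minor: "new Vulnerabilities" should be lower-case, and the answer would read better split in two: `Vulnerability announcements are made in the news section.` followed by the sentence about the tracker.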

The leading free & open applicant tracking system

-

Latest Features

+

OpenCATS is the open source ATS that helps you manage your recruitment process. With its customizable platform, you can streamline your recruitment process, attract top talent, and ultimately find the perfect candidate for your organization.

-

Granular ACL for user roles.

- -

Support PHP 7 and above

- -

Opencats has a current supported PHP version of PHP 7.2

- -

Improve OpenCATS for all users and solicit enhancement requests

- -

We actively encourage feature requests and for developers to contribute their customisations.

-
+
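Review bot: this hunk drops the supported-runtime statement (`Opencats has a current supported PHP version of PHP 7.2`) together with the features list, leaving the homepage with no statement of supported PHP versions at all. For a series that announces a security release, the supported PHP range belongs somewhere visible (install documentation or release notes); and since PHP 7.2 reached end-of-life in November 2020, the replacement statement should name a currently supported PHP branch rather than restore this line as it was.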
@@ -61,12 +34,22 @@

Getting involved

By participating in the OpenCATS community, you'll have the opportunity to work alongside talented individuals from around the world, collaborate on innovative solutions, and contribute to the development of a powerful ATS platform. Whether you're a developer, designer, or simply passionate about HR technology, we welcome you to get involved and help us shape the future of recruitment. Join us and be a part of a community that is making a real difference. Help us bring the power of open-source technology to the world of recruitment and make a positive impact on the industry.

-

The development is happening in the GitHub repository. We're discussing user support and ideas in the OpenCATS User forum.

+

The development is happening in the GitHub repository.

-
+ +
+
+

The OpenCATS user forum is a space for our community to come together and share ideas, ask questions, and provide support to each other. By participating in the forum, you'll have the opportunity to connect with other OpenCATS users, learn from their experiences, and gain insights into how they're using the platform to streamline their recruitment process. You'll also be able to contribute your own expertise and help others in the community. + +Not only is the user forum a great way to connect with other users and build relationships, but it's also a space where you can help us make OpenCATS even better. We rely on our community to provide us with feedback and suggestions for improvements, and the user forum is the perfect place to share your thoughts. + +So, if you're an OpenCATS user, we encourage you to get involved in the user forum today. Join the conversation, make new connections, and help us make OpenCATS the best it can be. We can't wait to hear from you in the OpenCATS User forum!

+
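Review bot: the development paragraph loses its forum link (`We're discussing user support and ideas in the OpenCATS User forum.` is removed) and the three added paragraphs repeat the same invitation three times without a visible link target; keep one paragraph and make sure it still carries the link to the user forum, since that is the only support channel the advisory points readers to.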
@@ -99,68 +82,5 @@

Stay informed

- - -
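Review bot: this hunk reduces the "Stay informed" block from 68 lines to 5 but shows only removed lines and no replacement, so check that the news or mailing-list link the heading refers to still exists after the change. Separately, patch 05/10 is absent from this series: patch 04 leaves `index.html` at blob `1db1055` while patch 09 starts from `3d80bb9`, so an intermediate change to `index.html` is not under review here.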
From 880e56691410f640d72598bfcef60b8c11d02948 Mon Sep 17 00:00:00 2001 From: RussH Date: Tue, 31 Jan 2023 17:50:47 +0000 Subject: [PATCH 06/10] Update nav.yml --- _data/nav.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/_data/nav.yml b/_data/nav.yml index f5f25e5..c8f01c4 100644 --- a/_data/nav.yml +++ b/_data/nav.yml @@ -4,5 +4,3 @@ url: https://documentation.opencats.org - title: News url: /news/ -- title: Demo Site - url: http://demo.opencats.org From 280e558c01047c8b0ccb8a253155218dbeee6024 Mon Sep 17 00:00:00 2001 From: RussH Date: Tue, 31 Jan 2023 17:53:17 +0000 Subject: [PATCH 07/10] Create 2023-01-30-jan-security-and-vulnerabilities.md --- ...-01-30-jan-security-and-vulnerabilities.md | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 _posts/2023-01-30-jan-security-and-vulnerabilities.md diff --git a/_posts/2023-01-30-jan-security-and-vulnerabilities.md b/_posts/2023-01-30-jan-security-and-vulnerabilities.md new file mode 100644 index 0000000..530c2b2 --- /dev/null +++ b/_posts/2023-01-30-jan-security-and-vulnerabilities.md 
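Review bot: removing the `Demo Site` entry (`- url: http://demo.opencats.org`) from the navigation only hides the link; if the demo instance is still running it remains reachable and, unless it has been upgraded to 0.9.7, still exposes the vulnerabilities this series announces. Either take the instance down or upgrade it, and say in the commit message why the link was removed.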
@@ -0,0 +1,28 @@ +--- +layout: newsletter +title: "0.9.7 Security update" +category: newsletter +permalink: /news/2023/jan/ +--- + +## Security release and vulnerability news + +After a detailed security audit, we have released OpenCATS version 0.9.7 which detected and corrected several vulnerabilities. + +### Overview +@hansmach1ne identified a number of vulnerabilities on the 'internal' webpages and would require a valid username/password to reach. It's been greatly appreciated by the project that these vulnerabilities were checked and mitigating PR's proposed. + +I'm very appreciative of the work that they've put in here and once the release is produced will share it on the project website. + +Mitigation steps - I'd always recommend users / admins read the security guidelines and think carefully for themselves https://github.com/opencats/OpenCATS/wiki/Security-Considerations which actually include mention of some of these 'internal facing' vulnerabilities + +### Remediation +We recommend that you upgrade your opencats instance asap. + +If you wish to apply a fix instead, please view the changes in the github PR instead. + +### Thanks +We are extremely grateful to @hansmach1ne for finding these vulnerability and proposing remediation steps. + +### Support queries? +If you have any questions regarding this security fix, please visit the [User support forums](http://forums.opencat.org) or if you have found an issue with the code - then raise an [issue on github](http://github.com/opencats/opencats/issues) From 3ebd301dce3612e397a59437436dfcbab89ffc87 Mon Sep 17 00:00:00 2001 From: RussH Date: Tue, 31 Jan 2023 17:53:29 +0000 Subject: [PATCH 08/10] Delete 2023-01-30-jan-security-and-vulnerabilities --- ...023-01-30-jan-security-and-vulnerabilities | 28 ------------------- 1 file changed, 28 deletions(-) delete mode 100644 _posts/2023-01-30-jan-security-and-vulnerabilities 
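Review bot: the advisory gives readers nothing to act on beyond "upgrade": no vulnerability classes, no affected version range, no CVE or GHSA identifiers, and the "apply a fix instead" paragraph refers to "the github PR" without a link or number. Add at least the affected range (`< 0.9.7`), the fix PR link and the identifiers once assigned. The text also contradicts itself ("we have released OpenCATS version 0.9.7" versus "once the release is produced will share it"), and `which detected and corrected several vulnerabilities` attributes detection to the release; the audit detected, the release corrects. Minor: "these vulnerability" should be "these vulnerabilities", "PR's" should be "PRs", both support links are plain `http://`, and `forums.opencat.org` looks like a typo for an opencats.org host, so verify it before publishing.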
diff --git a/_posts/2023-01-30-jan-security-and-vulnerabilities b/_posts/2023-01-30-jan-security-and-vulnerabilities deleted file mode 100644 index 530c2b2..0000000 --- a/_posts/2023-01-30-jan-security-and-vulnerabilities +++ /dev/null @@ -1,28 +0,0 @@ ---- -layout: newsletter -title: "0.9.7 Security update" -category: newsletter -permalink: /news/2023/jan/ ---- - -## Security release and vulnerability news - -After a detailed security audit, we have released OpenCATS version 0.9.7 which detected and corrected several vulnerabilities. - -### Overview -@hansmach1ne identified a number of vulnerabilities on the 'internal' webpages and would require a valid username/password to reach. It's been greatly appreciated by the project that these vulnerabilities were checked and mitigating PR's proposed. - -I'm very appreciative of the work that they've put in here and once the release is produced will share it on the project website. - -Mitigation steps - I'd always recommend users / admins read the security guidelines and think carefully for themselves https://github.com/opencats/OpenCATS/wiki/Security-Considerations which actually include mention of some of these 'internal facing' vulnerabilities - -### Remediation -We recommend that you upgrade your opencats instance asap. - -If you wish to apply a fix instead, please view the changes in the github PR instead. - -### Thanks -We are extremely grateful to @hansmach1ne for finding these vulnerability and proposing remediation steps. - -### Support queries? -If you have any questions regarding this security fix, please visit the [User support forums](http://forums.opencat.org) or if you have found an issue with the code - then raise an [issue on github](http://github.com/opencats/opencats/issues) From 79cb460625592628ea0f98c8c5320e4868474db6 Mon Sep 17 00:00:00 2001 From: RussH Date: Tue, 31 Jan 2023 18:07:12 +0000 Subject: [PATCH 09/10] Update index.html --- index.html | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
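Review bot: patches 07 and 08 together are a rename of the post from no extension to `.md`; do it as a single `git mv` commit so the file's history is followed and the series does not carry two full copies of the same 28-line advisory for reviewers to compare.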
diff --git a/index.html b/index.html index 3d80bb9..11ddf2f 100644 --- a/index.html +++ b/index.html @@ -27,7 +27,7 @@

The leading free & open applicant tracking system

Getting involved

- +

Developers.. Send us your code!

OpenCATS is a dynamic open-source project that is designed to revolutionize the recruitment process. Our mission is to empower organizations to find top talent and streamline their recruitment process. We believe that community engagement is critical to achieving this goal, which is why we're inviting you to join us and be a part of this exciting project. @@ -36,9 +36,11 @@
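Review bot: the added heading `Developers.. Send us your code!` has a double period; use a single full stop or a proper ellipsis. Since this section invites code contributions, link it to the repository's contribution guidelines or pull request page so submissions arrive through reviewed PRs rather than an unspecified channel.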

Getting involved

Join us and be a part of a community that is making a real difference. Help us bring the power of open-source technology to the world of recruitment and make a positive impact on the industry.

The development is happening in the GitHub repository.

+
+

OpenCATS User Community

The OpenCATS user forum is a space for our community to come together and share ideas, ask questions, and provide support to each other. By participating in the forum, you'll have the opportunity to connect with other OpenCATS users, learn from their experiences, and gain insights into how they're using the platform to streamline their recruitment process. You'll also be able to contribute your own expertise and help others in the community. From c9c264c1c2c7789986f60d08d20a3bbc3f98055c Mon Sep 17 00:00:00 2001 From: RussH Date: Tue, 31 Jan 2023 18:11:03 +0000 Subject: [PATCH 10/10] Update index.html --- index.html | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/index.html b/index.html index 11ddf2f..4a51291 100644 --- a/index.html +++ b/index.html @@ -36,9 +36,9 @@

Developers.. Send us your code!

Join us and be a part of a community that is making a real difference. Help us bring the power of open-source technology to the world of recruitment and make a positive impact on the industry.

The development is happening in the GitHub repository.

-
+ -

OpenCATS User Community

@@ -53,6 +53,7 @@

OpenCATS User Community

-->
+
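Review bot: the `OpenCATS User Community` block in this region appears to sit inside an HTML comment (the `-->` context line closes one immediately after it) and the hunk adds markup after it rather than removing the dead block; commented-out markup is still delivered to every visitor and visible in view-source, so delete the section outright (git history keeps it) instead of leaving it commented out.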