Skip to content
Snippets Groups Projects
Verified Commit dcd5e48d authored by Timm Fitschen's avatar Timm Fitschen
Browse files

REL: prepare release 0.12.1

parent 56b45310
No related branches found
No related tags found
1 merge request!111Release 0.12.1
Pipeline #44914 passed
Stage: info
Stage: setup
Stage: test
Stage: deploy
Hide whitespace changes
Inline Side-by-side
CHANGELOG.md
+ 20
9
View file @ dcd5e48d
......@@ -5,20 +5,31 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [Unreleased]
### Added
### Changed
### Deprecated
### Removed
## [0.12.1] - 2023-12-13
(Timm Fitschen)
### Fixed
* Insufficient permission checks during subproperty filters of SELECT queries
when an entity with retrieve permissions references one without
[linkahead-server#244](https://gitlab.com/linkahead/linkahead-server/-/issues/244)
* Insufficient permission checks in queries when a name of an invisible record
is used in a filter where a visible record references the invisible one
[linkahead-server#242](https://gitlab.com/linkahead/linkahead-server/-/issues/242)
### Security
This is an important security patch release. The bugs
[linkahead-server#244](https://gitlab.com/linkahead/linkahead-server/-/issues/244)
and
[linkahead-server#242](https://gitlab.com/linkahead/linkahead-server/-/issues/242)
possibly leak sensitive data when an attacker with read access to linkahead
(i.e. the attacker needs an active user account or anonymous needs to be
enabled) can guess the name of entities or properties of referenced entities
and construct a malicious FIND or SELECT statement and when the attacker has
read permissions for an entity which references the entities containing the
sensitive information. See the bug reports for more information.
## [0.12.0] - 2023-10-25
(Timm Fitschen)
......
CITATION.cff
+ 2
2
View file @ dcd5e48d
......@@ -23,6 +23,6 @@ authors:
given-names: Stefan
orcid: https://orcid.org/0000-0001-7214-8125
title: "CaosDB - Server"
version: 0.12.0
version: 0.12.1
doi: 10.3390/data4020083
date-released: 2023-10-25
date-released: 2023-12-13
caosdb-webui @ 6e4db2f9
Subproject commit d5f9090eca25a92fc44dbeeba305768e8d9f4bcb
Subproject commit 6e4db2f99e1d441bbda9ccca85fae45526018406
pom.xml
+ 1
1
View file @ dcd5e48d
......@@ -25,7 +25,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>org.caosdb</groupId>
<artifactId>caosdb-server</artifactId>
<version>0.13.0-SNAPSHOT</version>
<version>0.12.1</version>
<packaging>jar</packaging>
<name>CaosDB Server</name>
<scm>
......
src/doc/conf.py
+ 2
2
View file @ dcd5e48d
......@@ -26,9 +26,9 @@ copyright = '2023, IndiScale GmbH'
author = 'Daniel Hornung, Timm Fitschen'
# The short X.Y version
version = '0.13.0'
version = '0.12.1'
# The full version, including alpha/beta/rc tags
release = '0.13.0-dev'
release = '0.12.1'
# -- General configuration ---------------------------------------------------
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment