...
It's recommended to update your Notifyr installation to at least this version as it fixes some potential security issues.
Read the Notifyr Security Advisory 2021-01-15 for more information.
Security Issues
To improve Notifyr and to be sure customers can safely continue using Notifyr in their critical systems, ASK Software joined the Bugcrowd bounty program last December. This program crowd-sources research into potential security leaks and provides a bounty for the issues found. This research found 2 critical errors that have been addressed in Notifyr 5.3.
...
This has been fixed by adding additional permission checks on the pages involved and adding XSRF tokens to the forms. These tokens prevent users from unintentionally submitting malicious data.
Affected versions: Status
2. Local file inclusion in email templates
...
The configuration has been changed so that only files from allowed paths are now included. There are currently no allowed paths configured.
Affected versions: Status
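The kind of allowed-path check this fix describes, as an added example that is not Notifyr's own code: an include is resolved to its real location and accepted only if that location sits under a configured root, and an empty list denies everything. The function name `resolve_include`, the directory layout and the sample files are assumptions constructed for the illustration.

```python
import os
import tempfile

def resolve_include(requested, allowed_roots):
    """Return the real path of `requested` if it lies under an allowed
    root, otherwise None. An empty allowlist denies every include."""
    if not allowed_roots:
        return None
    # realpath collapses "../" segments and follows symlinks, so the
    # check runs on the file that would actually be opened.
    real = os.path.realpath(requested)
    for root in allowed_roots:
        real_root = os.path.realpath(root)
        try:
            # commonpath compares whole components, so "/x/tpl-evil"
            # does not pass for an allowed root of "/x/tpl".
            if os.path.commonpath([real, real_root]) == real_root:
                return real
        except ValueError:  # e.g. paths on different Windows drives
            continue
    return None

def demo():
    """Build a constructed directory tree and run the check over it."""
    base = os.path.realpath(tempfile.mkdtemp())
    tpl = os.path.join(base, "tpl")
    evil = os.path.join(base, "tpl-evil")
    os.makedirs(tpl)
    os.makedirs(evil)
    secret = os.path.join(base, "secret.properties")
    footer = os.path.join(tpl, "footer.html")
    for path in (secret, footer, os.path.join(evil, "x.html")):
        open(path, "w").close()
    os.symlink(secret, os.path.join(tpl, "link.html"))
    return {
        "allowed": resolve_include(footer, [tpl]),
        "traversal": resolve_include(os.path.join(tpl, "..", "secret.properties"), [tpl]),
        "sibling": resolve_include(os.path.join(evil, "x.html"), [tpl]),
        "symlink": resolve_include(os.path.join(tpl, "link.html"), [tpl]),
        "no_allowlist": resolve_include(footer, []),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Only the `allowed` case returns a path; the traversal, sibling-directory and symlink cases resolve outside the root, and the empty list matches the "no allowed paths configured" default.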
Changelog
This section will contain information about the Notifyr - Notifications for Bitbucket 5.3.x minor releases as they become available.
...