Verified Commit 54056262 authored by georg's avatar georg

index: Add news entry about CVE-2018-3760 (Path traversal in sprockets)

Closes #35
parent f496a577
Pipeline #17962 passed with stages
in 51 seconds
......@@ -34,12 +34,12 @@ These projects also belong to the schleuder-family:
<div class='block' id='news'>
### News
<span class='date'>2018-07-18</span>: **Vulnerability in dependency of schleuder-web.** Anyone running schleuder-web should update the gem sprockets by running "bundle update sprockets" as soon as possible. (See [CVE-2018-3760]( for details.)
<span class='date'>2018-05-14</span>: **Schleuder 3.2.3 released!** This release fixes some bugs, e.g. with emails sent by Thunderbird/Enigmail with "protected subjects" (they are not leaked anymore and keywords can be found again). Also error messages are converted into human readable text now, instead of giving their class-name. And we moved the project to our own domain,! For all details please see the [changelog]( Packages for Debian and CentOS will follow as soon as possible. *This release is **not** related to "efail" (a disclosure of vulnerabilities in email-programs that handle encrypted HTML-messages).*
<span class='date'>2018-03-28</span>: **Vulnerability in dependencies of schleuder-web.** Anyone running schleuder-web should update the gems "loofah" and "rails-html-sanitizer" by running "bundle update loofah rails-html-sanitizer" as soon as possible. (See [CVE-2018-8048]( and [CVE-2018-3741]( for details.)
<span class='date'>2018-02-19</span>: **Linux-packages for Schleuder 3.2.2 available.** For Debian (stretch-backports) and CentOS (EL 7) there are now packages of Schleuder version 3.2.2 available to easily install and upgrade it. Please see the [installation instructions]( for details on how to use the packages. For details about version 3.2.2 please read the [changelog](
*Older news can be found in the [archive of the announce-mailinglist](*
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment