diff --git a/CHANGES.txt b/CHANGES.txt index 38c5834df..75d678575 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,3 +1,13 @@ +3.2.4 (2017-07-24) +------------------ + +- Backported from Supervisor 3.3.3: Fixed CVE-2017-11610. A vulnerability + was found where an authenticated client can send a malicious XML-RPC request + to ``supervisord`` that will run arbitrary shell commands on the server. + The commands will be run as the same user as ``supervisord``. Depending on + how ``supervisord`` has been configured, this may be root. See + https://github.com/Supervisor/supervisor/issues/964 for details. + 3.2.3 (2016-03-19) ------------------ @@ -85,6 +95,16 @@ disconnect if many other ``supervisorctl`` commands were run in parallel. Patch by Stefan Friesel. +3.1.4 (2017-07-24) +------------------ + +- Backported from Supervisor 3.3.3: Fixed CVE-2017-11610. A vulnerability + was found where an authenticated client can send a malicious XML-RPC request + to ``supervisord`` that will run arbitrary shell commands on the server. + The commands will be run as the same user as ``supervisord``. Depending on + how ``supervisord`` has been configured, this may be root. See + https://github.com/Supervisor/supervisor/issues/964 for details. + 3.1.3 (2014-10-28) ------------------ @@ -181,6 +201,16 @@ - A warning is now logged if a glob pattern in an ``[include]`` section does not match any files. Patch by Daniel Hahler. +3.0.1 (2017-07-24) +------------------ + +- Backported from Supervisor 3.3.3: Fixed CVE-2017-11610. A vulnerability + was found where an authenticated client can send a malicious XML-RPC request + to ``supervisord`` that will run arbitrary shell commands on the server. + The commands will be run as the same user as ``supervisord``. Depending on + how ``supervisord`` has been configured, this may be root. See + https://github.com/Supervisor/supervisor/issues/964 for details. + 3.0 (2013-07-30) ---------------- diff --git a/supervisor/version.txt b/supervisor/version.txt index b347b11ea..351227fca 100644 --- a/supervisor/version.txt +++ b/supervisor/version.txt @@ -1 +1 @@ -3.2.3 +3.2.4