From 8624ebb92164f878eeb9811727ba6fba1e7720c1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonne=20Ha=C3=9F?=
Date: Thu, 2 Jul 2015 11:09:05 +0200
Subject: [PATCH] bump to 0.5.1.2
---
 Changelog.md | 6 ++++++
 config/defaults.yml | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/Changelog.md b/Changelog.md
index 3dedf127c..954d1dba2 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -1,3 +1,9 @@
+# 0.5.1.2
+
+diaspora\* versions prior 0.5.1.2 leaked potentially private profile data (namely the bio, birthday, gender and location fields) to
+unauthorized users. While the frontend properly hid them, the backend missed a check to not include them in responses.
+Thanks to @cmrd-senya for finding and reporting the issue.
+
 # 0.5.1.1
 
 Update rails to 4.2.2, rack to 1.6.2 and jquery-rails to 4.0.4. This fixes
diff --git a/config/defaults.yml b/config/defaults.yml
index 442cd798a..aa8622b89 100644
--- a/config/defaults.yml
+++ b/config/defaults.yml
@@ -4,7 +4,7 @@ defaults:
 version:
- number: "0.5.1.1" # Do not touch unless doing a release, do not backport the version number that's in master
+ number: "0.5.1.2" # Do not touch unless doing a release, do not backport the version number that's in master
 heroku: false
 environment:
 url: "http://localhost:3000/"