From cdced04dfbbcac02f7df868e01c1000fb0ab54d4 Mon Sep 17 00:00:00 2001 From: Povilas Kanapickas Date: Thu, 23 May 2019 04:12:57 +0300 Subject: [PATCH 1/3] relnotes: Add relnote for v1.8.1 --- master/docs/relnotes/index.rst | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/master/docs/relnotes/index.rst b/master/docs/relnotes/index.rst index 716178e1c..1ad61b66d 100644 --- a/master/docs/relnotes/index.rst +++ b/master/docs/relnotes/index.rst @@ -10,6 +10,17 @@ Release Notes .. towncrier release notes start +Buildbot ``1.8.1`` ( ``2019-02-02`` ) +===================================== + +Bug fixes +--------- + +- Fix CRLF injection vulnerability with validating user provided redirect parameters + (https://github.com/buildbot/buildbot/wiki/CRLF-injection-in-Buildbot-login-and-logout-redirect-code) + Thanks to ``mik317`` and ``mariadb`` for reporting it. + + Buildbot ``1.8.0`` ( ``2019-01-20`` ) ===================================== From 0fb44172475863f71885d4f993108f0d93cbac85 Mon Sep 17 00:00:00 2001 From: Povilas Kanapickas Date: Thu, 23 May 2019 04:13:43 +0300 Subject: [PATCH 2/3] relnotes: Add relnote for v1.8.2 --- master/docs/relnotes/index.rst | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/master/docs/relnotes/index.rst b/master/docs/relnotes/index.rst index 1ad61b66d..9c065c51c 100644 --- a/master/docs/relnotes/index.rst +++ b/master/docs/relnotes/index.rst @@ -10,6 +10,17 @@ Release Notes .. towncrier release notes start +Buildbot ``1.8.2`` ( ``2019-05-22`` ) +===================================== + +Bug fixes +--------- + +- Fix vulnerability in OAuth where user-submitted authorization token was used for authentication + (https://github.com/buildbot/buildbot/wiki/OAuth-vulnerability-in-using-submitted-authorization-token-for-authentication) + Thanks to Phillip Kuhrt for reporting it. + + Buildbot ``1.8.1`` ( ``2019-02-02`` ) ===================================== From a844457f0539841b4f695ffebb343eab2be6f248 Mon Sep 17 00:00:00 2001 From: Povilas Kanapickas Date: Thu, 23 May 2019 04:18:21 +0300 Subject: [PATCH 3/3] docs: Update spelling word list --- master/docs/spelling_wordlist.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/master/docs/spelling_wordlist.txt b/master/docs/spelling_wordlist.txt index be3803fde..777b90908 100644 --- a/master/docs/spelling_wordlist.txt +++ b/master/docs/spelling_wordlist.txt @@ -425,6 +425,7 @@ KiB kibibytes kube kubernetes +Kuhrt kv kwargs latin