diff --git a/CHANGELOG.md b/CHANGELOG.md index 9c81343..129090e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,11 @@ CHANGELOG ========= +v0.19b (August 20, 2016) +------------------------ + +This update corrects a security issue introduced in v0.18. + A remote code execution vulnerability is corrected in how the munin system monitoring graphs are generated for the control panel. The vulnerability involves an administrative user visiting a carefully crafted URL. v0.19a (August 18, 2016) diff --git a/README.md b/README.md index 2078af0..fa29cb5 100644 --- a/README.md +++ b/README.md @@ -59,7 +59,7 @@ by me: $ curl -s https://keybase.io/joshdata/key.asc | gpg --import gpg: key C10BDD81: public key "Joshua Tauberer " imported - $ git verify-tag v0.19a + $ git verify-tag v0.19b gpg: Signature made ..... using RSA key ID C10BDD81 gpg: Good signature from "Joshua Tauberer " gpg: WARNING: This key is not certified with a trusted signature! @@ -72,7 +72,7 @@ and on my [personal homepage](https://razor.occams.info/). (Of course, if this r Checkout the tag corresponding to the most recent release: - $ git checkout v0.19a + $ git checkout v0.19b Begin the installation. diff --git a/setup/bootstrap.sh b/setup/bootstrap.sh index 26ca8e9..7d180bf 100644 --- a/setup/bootstrap.sh +++ b/setup/bootstrap.sh @@ -7,7 +7,7 @@ ######################################################### if [ -z "$TAG" ]; then - TAG=v0.19a + TAG=v0.19b fi # Are we running as root?