Implement a new plugin manager from scratch to replace Yapsy,
which does not work on Python 3.12 due to Python 3.12 carelessly
removing parts of the standard library (Issue #3719)
Support for Discourse as comment system (Issue #3689)
Bugfixes
Fix loading of templates from plugins with __init__.py files
(Issue #3725)
Fix margins of paragraphs at the end of sections (Issue #3704)
Ignore .DS_Store files in listing indexes (Issue #3698)
Fix baguetteBox.js invoking in the base theme (Issue #3687)
Fix development (preview) server nikola auto
for non-root SITE_URL, in particular when URL_TYPE is full_path.
(Issue #3715)
High CVE-2024-1060: Use after free in Canvas
High CVE-2024-1059: Use after free in WebRTC
High CVE-2024-1077: Use after free in Network
update to 121.0.6167.85
High CVE-2024-0807: Use after free in WebAudio
High CVE-2024-0812: Inappropriate implementation in Accessibility
High CVE-2024-0808: Integer underflow in WebUI
Medium CVE-2024-0810: Insufficient policy enforcement in DevTools
Medium CVE-2024-0814: Incorrect security UI in Payments
Medium CVE-2024-0813: Use after free in Reading Mode
Medium CVE-2024-0806: Use after free in Passwords
Medium CVE-2024-0805: Inappropriate implementation in Downloads
Medium CVE-2024-0804: Insufficient policy enforcement in iOS Security UI
Low CVE-2024-0811: Inappropriate implementation in Extensions API
Low CVE-2024-0809: Inappropriate implementation in Autofill
On Jan 16, 2024, Atlassian released an advisory for a template injection vulnerability in Confluence Data Center and Server that can allow an unauthenticated attacker to remotely execute malicious code on affected versions. This vulnerability is rated with a severity level of 10.0 (Critical).
What is the Vendor Solution?
Atlassian strongly recommends applying the latest available version, as listed in its advisory.
What FortiGuard Coverage is available?
FortiGuard Labs has an IPS signature “Atlassian.Confluence.CVE-2023-22527.Remote.Code.Execution” in place for CVE-2023-22527. FortiGuard is seeing active exploitation attempts against this vulnerability.
It was discovered that ImageMagick incorrectly handled certain values when
processing BMP files. An attacker could exploit this to cause a denial of
service.