From 8d1afd679f7070aca3bc3fa02b4572f19f6b7f49 Mon Sep 17 00:00:00 2001 From: Inex Code Date: Fri, 23 Aug 2024 15:02:22 +0300 Subject: [PATCH] docs(en): Add credits for the vuln disclosure --- content/en/blog/releases/0.12.0.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/en/blog/releases/0.12.0.md b/content/en/blog/releases/0.12.0.md index 11c8978..475e750 100644 --- a/content/en/blog/releases/0.12.0.md +++ b/content/en/blog/releases/0.12.0.md @@ -149,7 +149,7 @@ This release is made possible with the support of [NLnet foundation](https://nln This release contains a fix for a security vulnerability. We recommend updating as soon as possible. -A security researcher discovered that the application used an insecure random number generator. This could allow an attacker to predict the random numbers generated by the application, which could lead to a variety of security issues. +[UnblvR](https://x.com/UnblvR1) discovered that the application used an insecure random number generator. This could allow an attacker to predict the random numbers generated by the application, which could lead to a variety of security issues. While we believe the risk of exploitation is low, we recommend that you update the token on your original device: @@ -162,7 +162,7 @@ Only the token of the initial device might be vulnerable. Tokens of other device Servers created with this version and newer will not be vulnerable to this. -We haven't received information from the security researcher on how to credit them, and will update this changelog on our website and git forge when we do. +We would like to thank UnblvR for the responsible disclosure of the vulnerability. ### Features
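Review bot: In the first hunk (@@ -149,7), the rewritten sentence still ends with "could lead to a variety of security issues" and never says what the random numbers were used for, while the unchanged line right after it tells readers to "update the token on your original device". Since this line is being edited anyway, consider stating that the generator's output was used for the device token, so the reader can see why rotating that token is the remediation. Also note that the credit links to an x.com profile; if the reporter has a more stable reference (personal site or advisory page), that would survive a handle change better.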
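Review bot: In the second hunk (@@ -162,7), the removed sentence promised to update the changelog "on our website and git forge", but this patch touches only content/en/blog/releases/0.12.0.md (1 file changed, subject prefix docs(en)). Please confirm that the release notes on the git forge and any translated copies of this page receive the same credit, otherwise they will keep the stale "haven't received information" text. Minor: the thanks line names UnblvR without the link used in the first hunk; that is fine if intentional, but keeping the spelling identical in both places matters for searchability.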