mirror of
https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.git
synced 2024-09-19 18:07:52 +00:00
docs(en): Add credits for the vuln disclosure
This commit is contained in:
Inex Code
parent
1c5c6c84d5
commit
8d1afd679f
|
|
@ -149,7 +149,7 @@ This release is made possible with the support of [NLnet foundation](https://nln
|
||||||
|
|
||||||
This release contains a fix for a security vulnerability. We recommend updating as soon as possible.
|
This release contains a fix for a security vulnerability. We recommend updating as soon as possible.
|
||||||
|
|
||||||
A security researcher discovered that the application used an insecure random number generator. This could allow an attacker to predict the random numbers generated by the application, which could lead to a variety of security issues.
|
[UnblvR](https://x.com/UnblvR1) discovered that the application used an insecure random number generator. This could allow an attacker to predict the random numbers generated by the application, which could lead to a variety of security issues.
|
||||||
|
|
||||||
While we believe the risk of exploitation is low, we recommend that you update the token on your original device:
|
While we believe the risk of exploitation is low, we recommend that you update the token on your original device:
|
||||||
|
|
||||||
|
|
@ -162,7 +162,7 @@ Only the token of the initial device might be vulnerable. Tokens of other device
|
||||||
|
|
||||||
Servers created with this version and newer will not be vulnerable to this.
|
Servers created with this version and newer will not be vulnerable to this.
|
||||||
|
|
||||||
We haven't received information from the security researcher on how to credit them, and will update this changelog on our website and git forge when we do.
|
We would like to thank UnblvR for the responsible disclosure of the vulnerability.
|
||||||
|
|
||||||
### Features
|
### Features
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue