docs(en): Add credits for the vuln disclosure

This commit is contained in:
Inex Code 2024-08-23 15:02:22 +03:00
parent 1c5c6c84d5
commit 8d1afd679f

View file

@ -149,7 +149,7 @@ This release is made possible with the support of [NLnet foundation](https://nln
This release contains a fix for a security vulnerability. We recommend updating as soon as possible.
A security researcher discovered that the application used an insecure random number generator. This could allow an attacker to predict the random numbers generated by the application, which could lead to a variety of security issues.
[UnblvR](https://x.com/UnblvR1) discovered that the application used an insecure random number generator. This could allow an attacker to predict the random numbers generated by the application, which could lead to a variety of security issues.
While we believe the risk of exploitation is low, we recommend that you update the token on your original device:
@ -162,7 +162,7 @@ Only the token of the initial device might be vulnerable. Tokens of other device
Servers created with this version and newer will not be vulnerable to this.
We haven't received information from the security researcher on how to credit them, and will update this changelog on our website and git forge when we do.
We would like to thank UnblvR for the responsible disclosure of the vulnerability.
### Features