From fdd38d6cf8682e76d2f778e05cc6bbf5e4d98442 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B8=96=E7=95=8C?= Date: Mon, 25 Sep 2023 18:03:53 +0800 Subject: [PATCH] documentation: Bump version --- docs/changelog.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/docs/changelog.md b/docs/changelog.md index 236e52e1..52b97c06 100644 --- a/docs/changelog.md +++ b/docs/changelog.md @@ -1,3 +1,31 @@ +#### 1.5.0-rc.5 + +* Fixed an improper authentication vulnerability in the SOCKS5 inbound +* Fixes and improvements + +**Security Advisory** + +This update fixes an improper authentication vulnerability in the sing-box SOCKS inbound. This vulnerability allows an +attacker to craft special requests to bypass user authentication. All users exposing SOCKS servers with user +authentication in an insecure environment are advised to update immediately. + +此更新修复了 sing-box SOCKS 入站中的一个不正确身份验证漏洞。 该漏洞允许攻击者制作特殊请求来绕过用户身份验证。建议所有将使用用户认证的 +SOCKS 服务器暴露在不安全环境下的用户立更新。 + +#### 1.4.5 + +* Fixed an improper authentication vulnerability in the SOCKS5 inbound +* Fixes and improvements + +**Security Advisory** + +This update fixes an improper authentication vulnerability in the sing-box SOCKS inbound. This vulnerability allows an +attacker to craft special requests to bypass user authentication. All users exposing SOCKS servers with user +authentication in an insecure environment are advised to update immediately. + +此更新修复了 sing-box SOCKS 入站中的一个不正确身份验证漏洞。 该漏洞允许攻击者制作特殊请求来绕过用户身份验证。建议所有将使用用户认证的 +SOCKS 服务器暴露在不安全环境下的用户立更新。 + #### 1.5.0-rc.3 * Fixes and improvements