tabshift/pocketbase
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bumped golang.org/x/net to 0.33.0

Browse Source
This commit is contained in:
Gani Georgiev
2024-12-19 10:09:05 +02:00
parent c847a6bc88
commit 7147633f96
33 changed files with 54 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGELOG_16_22.md
View File

@@ -2,6 +2,12 @@
> For the most recent versions, please refer to [CHANGELOG.md](./CHANGELOG.md)
---
## v0.22.29
- (_Backported from v0.23.11_) Upgraded `golang.org/x/net` to 0.33.0 to fix [CVE-2024-45338](https://www.cve.org/CVERecord?id=CVE-2024-45338).
_PocketBase uses the vulnerable functions primarily for the auto html->text mail generation, but most applications shouldn't be affected unless you are manually embedding unrestricted user provided value in your mail templates._
## v0.22.28
- (_Backported from v0.23.10_) Renew the superuser file token cache when clicking on the thumb preview or download link ([#6137](https://github.com/pocketbase/pocketbase/discussions/6137)).