tickets #158293

closed

Update Weblate to remediate CVE-2022-23915

Added by crameleon 3 months ago. Updated 28 days ago.

Status: Closed
Priority: Normal
Assignee:
Category: Weblate
Target version: -
Start date: 2024-03-31
Due date:
% Done: 0%
Estimated time:

Description

The currently installed version was found to be 28 versions behind the latest stable release.
Since then, 2 security issues have been resolved, one of them I consider relevant: https://docs.weblate.org/de/weblate-4.14/changes.html#weblate-4-11-1.
I understand new/untrusted users cannot use the "add project" and "add component" features, but I think it would still be good to remediate considering the application is running in our internal network.

Actions #1

Updated by ateixeira 3 months ago

crameleon wrote:

The currently installed version was found to be 28 versions behind the latest stable release.
Since then, 2 security issues have been resolved, one of them I consider relevant: https://docs.weblate.org/de/weblate-4.14/changes.html#weblate-4-11-1.
I understand new/untrusted users cannot use the "add project" and "add component" features, but I think it would still be good to remediate considering the application is running in our internal network.

Hello. The SUSE localization team is working on moving this instance to Weblate cloud infrastructure, and in that case the Weblate team would handle updates. I'm not sure how far along they are in this process. I got in contact with them to see if we have any idea of when the move is going to be completed.

In case they still don't have an exact date, or if it will take too long, I will look into either updating Weblate or patching the CVEs.

I'll get back to you soon with an update on this.

Actions #2

Updated by crameleon 28 days ago

  • Status changed from New to Closed
  • Private changed from Yes to No

Application is no longer hosted with us.
