tickets #158293
closed
Update Weblate to remediate CVE-2022-23915
Added by crameleon 11 months ago.
Updated 9 months ago.
Description
The currently installed version was found to be 28 versions behind the latest stable release.
Since then, 2 security issues have been resolved, one of which I consider relevant: https://docs.weblate.org/de/weblate-4.14/changes.html#weblate-4-11-1.
I understand new/untrusted users cannot use the "add project" and "add component" features, but I think it would still be good to remediate considering the application is running in our internal network.
crameleon wrote:
The currently installed version was found to be 28 versions behind the latest stable release.
Since then, 2 security issues have been resolved, one of which I consider relevant: https://docs.weblate.org/de/weblate-4.14/changes.html#weblate-4-11-1.
I understand new/untrusted users cannot use the "add project" and "add component" features, but I think it would still be good to remediate considering the application is running in our internal network.
Hello. The SUSE localization team is working on moving this instance to Weblate cloud infrastructure, and in that case the Weblate team would handle updates. I'm not sure how far along they are in this process. I got in contact with them to see if we have any idea of when the move is going to be completed.
In case they still don't have an exact date, or if it will take too long, I will look into either updating Weblate or patching the CVEs.
I'll get back to you soon with an update on this.
- Status changed from New to Closed
- Private changed from Yes to No
Application is no longer hosted with us.