[ixpmanager-announce] [RELEASE] V5.7.0 - Security Fix, Small Bug Fixes and Minor Improvements / Features

Barry O'Donovan barry.odonovan at inex.ie
Thu Aug 20 15:09:08 IST 2020


We are pleased to announce the immediate availability of IXP Manager 
v5.7.0.

This release primarily fixes a XSS security issue in IXP Manager. It 
also has a small number of bug fixes and improvements. All IX's running 
< v5.7.0 are advised to upgrade. This release has a minor version bump 
as there are two small database schema changes.

Full details are:

https://github.com/inex/IXP-Manager/releases/tag/v5.7.0


**Security Fix**

This release includes a fix for a XSS security bug in the looking glass 
feature. The bug allows a potential attacker to provide an IXP Manager 
user or administrator a crafted URL which would result in the execution 
of supplied JavaScript within the user's browser.

Credit to Bart Vrancken (AbuseIO CERT) for responsibly disclosing this 
issue.


  - Barry


-- 

Kind regards,
Barry O'Donovan
INEX


More information about the ixpmanager-announce mailing list