Version 4.2.12
Released: November 13, 2022
Status: Maintenance
Changes
This version includes all fixes from version 4.1.10.
Security
A patch was added to close Python’s vulnerability CVE-2007-4559
https://nvd.nist.gov/vuln/detail/CVE-2007-4559
This is a language level vulnerability which exposed older versions of Mayan EDMS only when downloading JavaScript dependencies from the NPM registry.
Exploiting this vulnerability requires compromising an existing package hosted on the NPM registry and adding Python code specifically targeting Mayan EDMS. As part of the project’s design philosophies, dependencies are only downloaded from authoritative locations and each dependency is pinned to a specific version to guarantee immutable releases.
Due to all these factors, the surface of attack of this vulnerability is very limited for older versions of Mayan EDMS, it is also very improbable, very difficulty to accomplish and very difficult to remain undetected.
There are no known actual or theoretical attacks for Mayan EDMS exploiting this vulnerability.
Other
Add a subclass of
Paththat adds the methodis_relative_tofor Python versions lower than 3.9.
Removals
None
Upgrade process
Docker Compose
Check the Docker upgrading chapter for the complete upgrade process.
Backward incompatible changes
None
Issues closed
None