Closed renovate[bot] closed 1 year ago
Latest commit: 0eda0a97c75236b2c65738a191d51925d0877f93
Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.
This PR contains the following updates:

| Package | Change |
| --- | --- |
| @keystone-6/core | `2.3.0` -> `2.3.1` |
### GitHub Vulnerability Alerts

#### CVE-2022-39322

##### Impact

`@keystone-6/core@2.2.0 || 2.3.0` users who are using the `multiselect` field, and provided field-level access control, are vulnerable to their field-level access control not being used.

List-level access control is NOT affected. Field-level access control for fields other than `multiselect` is NOT affected.

For example, you are vulnerable if you are using field-level access control on a `multiselect` like the following:

##### Mitigation

Please upgrade to `@keystone-6/core >= 2.3.1`, where this vulnerability has been closed.

##### Workarounds

If for some reason you cannot upgrade your dependencies, you should stop using the `multiselect` field.

##### Credits

Thanks to Marek R for reporting and submitting the pull request to fix this problem.

If you have any questions around this security advisory, please don't hesitate to contact us at security@keystonejs.com, or open an issue on GitHub.

If you have a security flaw to report for any software in this repository, please see our SECURITY policy.
### Release Notes

keystonejs/keystone

#### [`v2.3.1`](https://togithub.com/keystonejs/keystone/compare/f416d5b08e82bb23049908b03dd75145d5124d40...d5d0828f8b41c1930436d0352e40dd2739daf58b)

[Compare Source](https://togithub.com/keystonejs/keystone/compare/f416d5b08e82bb23049908b03dd75145d5124d40...d5d0828f8b41c1930436d0352e40dd2739daf58b)

### Configuration
📅 Schedule: Branch creation - "" in timezone Australia/Sydney, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate.