supervisor v3.1.4 Release Notes
Release Date: 2017-07-24 // over 6 years ago-
- 🛠 Backported from Supervisor 3.3.3: Fixed CVE-2017-11610. A vulnerability
was found where an authenticated client can send a malicious XML-RPC request
to
supervisord
that will run arbitrary shell commands on the server. The commands will be run as the same user assupervisord
. Depending on howsupervisord
has been configured, this may be root. See https://github.com/Supervisor/supervisor/issues/964 for details.
- 🛠 Backported from Supervisor 3.3.3: Fixed CVE-2017-11610. A vulnerability
was found where an authenticated client can send a malicious XML-RPC request
to