Date | Platform | Package | Version | Description |
---|
2024-10-29 13:31:16 | x64 | jocr | 189 | Peppol - add office documents to output data |
2024-10-28 14:57:33 | x64 | jpeppol | 66 | Peppold - prefer internal cache over ELMA the first 1800 seconds to reduce third party errors. Error handling adjustment |
2024-10-28 14:35:53 | x64 | tomcat | 10.1.31 | See Apache website for changes |
2024-10-25 11:24:24 | x64 | jcomsuite | 41 | Accounting - Årsoppgjør - Closing posts for udekket tap.
Accounting - Reskontro list also include invoices and age.
Accounting - Contact edit - Changable default reskontro accounts. CSS adjustments
|
2024-10-25 09:52:42 | x64 | jwebshop | 113 | relink |
2024-10-25 09:44:59 | x64 | jaccounting | 67 | misc |
2024-10-24 09:33:36 | x64 | jftp | 38 | relink |
2024-10-23 12:43:32 | x64 | jcompanydb | 16 | no_enhetsregisteret - switched source from Digdir to Brreg |
2024-10-21 11:35:00 | x64 | j | 254 | relink |
2024-10-18 11:48:54 | x64 | pulseaudio | 17.0 | bugfixes |
2024-10-18 11:02:06 | x64 | clamav | 1.0.7 | CVE-2024-20505 PDF DoS
CVE-2024-20290 OLE2 parser heap overflow |
2024-10-18 10:37:04 | x64 | jcomsuite | 40 | Accounting - Reskontro - Show invoice data OR'ed with ledger data
Accounting - Mva-melding - show due dates since they are fixed
Accounting - Show usernames in _edit-pages instead of userid
Fix for app_chat main, contact_image remote timeout, accounting distribution single-image jdist |
2024-10-18 09:58:45 | x64 | jaccounting | 66 | Ledger::contact_list, Invoice::list paginator |
2024-10-18 09:56:58 | x64 | jwebshop | 112 | relink |
2024-10-17 14:15:16 | x64 | j | 253 | jvm vm_create - default to UEFI on Debian templates |
2024-10-17 13:21:25 | x64 | jvm | 81 | Template - Redhat variants - support for both old and new network manager config file format. Support both xfs and ext4. |
2024-10-17 11:30:24 | x64 | nodejs | 20.18.0 | Due to high amount of RCE, NodeJS is considered unsecure and not recommended for production usage.
Suggested alternative is pure V8 engine without node/npm.
* CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 (High)
* CVE-2024-22020 - Bypass network import restriction via data URL (Medium)
* CVE-2024-22018 - fs.lstat bypasses permission model (Low)
* CVE-2024-36137 - fs.fchown/fchmod bypasses permission model (Low)
* CVE-2024-37372 - Permission model improperly processes UNC paths (Low)
* CVE-2024-27983 - Assertion failed in node::http2::Http2Session::\~Http2Session() leads to HTTP/2 server crash- (High)
* CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation - (Medium)
* CVE-2024-21892 - Code injection and privilege escalation through Linux capabilities- (High)
* CVE-2024-22019 - http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
* CVE-2024-21896 - Path traversal by monkey-patching Buffer internals- (High)
* CVE-2024-22017 - setuid() does not drop all privileges due to io\_uring - (High)
* CVE-2023-46809 - Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
* CVE-2024-21891 - Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
* CVE-2024-21890 - Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)
* CVE-2024-22025 - Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
|
2024-10-14 14:10:40 | x64 | firefox | 131.0.3 | CVE-2024-9680 - use-after-free in Animation timelines |
2024-10-11 13:29:45 | x64 | kernel-initramfs | 3 | Updates to bash, coreutils, jlinux |
2024-10-11 13:25:01 | x64 | kernel | 6.6.56 | Virtio bad gso csum performance fix ( 3e713b73c01fac163a5c8cb0953d1e300407a773 ) |
2024-10-11 11:58:33 | x64 | ruby | 3.3.5 | CVE-2024-43398, CVE-2024-41946, CVE-2024-41123 - REXML
|
2024-10-09 10:50:49 | x64 | jmyklikk | 64 | API, servers_edit - Apply customer discounts in MRC calculations
CSS adjustments |
2024-10-09 10:44:33 | x64 | jwebshop | 111 | ABI 5 change
Accounting ABI 4
Customer - expose discount |
2024-10-09 10:42:05 | x64 | jaccounting | 65 | ABI 4.0 change. Customer account_id and t_created/modified |
2024-10-09 09:06:19 | x64 | wordpress-plugin-jcloud | 6 | settings page - jid user list fix |
2024-10-04 12:13:16 | x64 | wordpress-plugin-jcloud | 5 | Dashboard - Sales statistics with UTM campaigns
Dashboard - JID admins - also list shop_manager roles |
2024-10-04 09:55:43 | x64 | jhoneypot | 3 | use last abuse contact in case of multiple, but use all contacts if the contact is not tagged as abuse |
2024-10-04 09:31:50 | x64 | jmail | 250 | MIME - retain CRLF in multiline headers since the raw value is re-used in SMIME cases |