Skip to content

v1.2.1
Compare
Choose a tag to compare
@BertrandGouny BertrandGouny released this 14 May 20:29
· 186 commits to master since this release
v1.2.1
8ff967f

Security

  • The default "write" access to "*" by "self" in the file "config/bootstrap/ldif/02-security.ldif" allowed anyone to change all the data about himself. This includes the gid and uid numbers what could lead to serious security issues.

This has been changed to olcAccess: to * by self read by dn="cn=admin,{{ LDAP_BASE_DN }}" write by * none"

Thanks to Francesc Escale for reporting this.

Assets 2
Loading