Release v4.14.2

CatoTH · Sep 8, 2024 · eb5a126 · eb5a126
1 parent 981a9b6
commit eb5a126
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 3 deletions.
diff --git a/History.md b/History.md
@@ -1,7 +1,12 @@
 # Version history
 
-### Version 4.14.2 [not released yet]
+### Version 4.14.2 (2024-09-08)
 
+- Security advisory x41-2024-002:
+  - Illegitimate content could be stored in the motion reason. (Credit: X41 D-Sec GmbH, Eric Sesterhenn)
+  - Redirects to external pages could be injected. (Credit: X41 D-Sec GmbH, Eric Sesterhenn)
+  - E-Mail verification after signup could be bypassed. (Credit: X41 D-Sec GmbH, Yassine El Baaj)
+  - E-Mail verification after e-mail change could be bypassed. (Credit: X41 D-Sec GmbH, Yassine El Baaj, JM)
 - Bugfix: The PDF-export of all amendments was not working.
 - Bugfix: The PDF-export of amendments with proposed procedure was not working when using Weasyprint.
 

diff --git a/SECURITY.md b/SECURITY.md
@@ -6,9 +6,9 @@ The latest stable version and the current work-in-progress version are supported
 
 | Version | Supported          |
 | ------- | ------------------ |
+| 4.15.x  | :white_check_mark: |
 | 4.14.x  | :white_check_mark: |
-| 4.13.x  | :white_check_mark: |
-| < 4.13  | :x:                |
+| < 4.14  | :x:                |
 
 ## Reporting a Vulnerability