Hi, I wanted to know if those 2 CVEs were fixed.
CVE-2020-26028
CVE-2020-26035
if so, in what commit and what is the fixed version?
In general: We request CVE numbers after patching issues. This is to reduce users risk.
which hints to: Zammad Security Advisory ZAA-2020-19
So, yes, this issue has been fixed with Zammad 3.4.1 and 3.5.0.
Sorry, I’m too lazy to look up the commit.
Same here:
→ Security Advisory ZAA-2020-21 | Zammad
Fixed with Zammad 3.4.1 and 3.5.0.
Again, too lazy for looking up the commit. ;(
1 Like
This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.