diff options
Diffstat (limited to 'changes')
-rw-r--r-- | changes/geoip-2021-03-12 | 9 | ||||
-rw-r--r-- | changes/ticket40286_minimal | 6 |
2 files changed, 15 insertions, 0 deletions
diff --git a/changes/geoip-2021-03-12 b/changes/geoip-2021-03-12 new file mode 100644 index 0000000000..01c1b0f162 --- /dev/null +++ b/changes/geoip-2021-03-12 @@ -0,0 +1,9 @@ + o Minor features (geoip data): + - We have switched geoip data sources. Previously we shipped + IP-to-country mappings from Maxmind's GeoLite2, but in 2019 they + changed their licensing term, so we were unable to update them after + that point. We now ship geoip files based on the IPFire Location + Database instead. (See https://location.ipfire.org/ for more + information). This release updates our geoip files to match the + IPFire Location Database as retrieved on 2021/03/12. Closes + ticket 40224. diff --git a/changes/ticket40286_minimal b/changes/ticket40286_minimal new file mode 100644 index 0000000000..6a04ca79eb --- /dev/null +++ b/changes/ticket40286_minimal @@ -0,0 +1,6 @@ + o Major bugfixes (security, denial of service): + - Disable the dump_desc() function that we used to dump unparseable + information to disk. It was called incorrectly in several places, + in a way that could lead to excessive CPU usage. Fixes bug 40286; + bugfix on 0.2.2.1-alpha. This bug is also tracked as + TROVE-2021-001 and CVE-2021-28089. |