Upstream/esphome-docs
1
0
Fork 0
mirror of https://github.com/esphome/esphome-docs.git synced 2025-01-12 20:10:50 +01:00
Code Issues Projects Releases Wiki Activity

Add links to security advisory and commit (#1499)

Browse Source
This commit is contained in:
Jesse Hills 2021-09-29 07:41:02 +13:00 committed by GitHub
parent c3148210de
commit 2d176c1b27
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
changelog/2021.9.0.rst
View File

@ -21,7 +21,8 @@ Web Server Vulnerability
It was brought to our attention by :ghuser:`andir` that the :doc:`/components/web_server` had a vulnerability in that
the OTA form could be POST'd to without the basic auth credentials set in the ``web_server`` configuration.
If you use the ``web_server`` and rely on the credentials for security, then you need to upgrade to 2021.9.2 or
disable the ``web_server`` completely.
disable the ``web_server`` completely. The `Security Advisory on GitHub <https://github.com/esphome/esphome/security/advisories/GHSA-48mj-p7x2-5jfm>`__
has been given ``CVE-2021-41104``.
`Home Assistant Amber <https://home-assistant.io/amber>`__
----------------------------------------------------------
@ -79,6 +80,7 @@ Release 2021.9.2 - September 28
- Bump aioesphomeapi to 9.1.1 :esphomepr:`2350` by :ghuser:`OttoWinter`
- Midea fix :esphomepr:`2395` by :ghuser:`dudanov`
- Move web_server auth to web_server_base `be965a6 <https://github.com/esphome/esphome/commit/be965a60eba6bb769e2a5afdbc8eed132f077a59>`__ by :ghuser:`OttoWinter`
- Fix lint issues in web_server_base :esphomepr:`2409` by :ghuser:`jesserockz`
Full list of changes