We’ve just built Gaprindashvili-5. This release contains security and bug fixes, UI tweaks, and stabilization. Here are just a few of the things added since Gaprindashvili-4 release:
- Allow tenant admins to see all groups within the scope of their tenant (#17817)
- Fix for $evm.execute not honoring dialog options (#17844)
- Add option to clear classifications for tag_details (#17465)
- Force user_type to UPN when username is a UPN (#17690)
- Clean up queued items on Zone#destroy (#17374)
- An attacker with SSH access to the system can use the dRuby (DRb) module installed on the system to execute arbitrary shell commands using instance_eval()(CVE-2018-10905)
- Specially crafted requests can be used to access files that exists on the filesystem that is outside an application’s root directory(CVE-2018-3760)
You can download the Gaprindashvili-5 release here.
Here is the complete changelog: Gaprindashvili-5
For questions or support, join in on the talk page.