v2.69.1

@thabofletcher released this 03 Sep 22:29

What's Changed

  • Added the ability to selectively redact dataset, collection, and field names in DSR packages by @galvana in #6487
  • Changed session invalidation logic to end all sessions for a user when their password has been changed by @thabofletcher (CVE-2025-57766)
  • Fixed OAuth scope privilege escalation vulnerability that allowed clients to create or update other OAuth clients with unauthorized scopes by @thabofletcher (CVE-2025-57817)
  • Added stricter rate limiting to authentication endpoints to mitigate brute-force attacks by @thabofletcher (CVE-2025-57815)
  • Added Redis-driven rate limiting across all endpoints by @eastandwestwind (CVE-2025-57816)

Full Changelog: 2.69.0...2.69.1