| tag name | v1.15.1 (cc405887dc16a8b7524cfc608548a7a942069e11) |
| tag date | 2025-03-31 18:27:41 -0400 |
| tagged by | Xe Iaso <me@xeiaso.net> |
| tagged object | commit f844fffd1e... |
| download | anubis-1.15.1.tar.xz anubis-1.15.1.zip |
|---|
Zenos yae Galvus: Echo 1
Fixes a recurrence of [CVE-2025-24369](https://github.com/Xe/x/security/advisories/GHSA-56w8-8ppj-2p4f)
due to an incorrect logic change in a refactor. This allows an attacker to mint a valid
access token by passing any SHA-256 hash instead of one that matches the proof-of-work
test.
This case has been added as a regression test. It was not when CVE-2025-24369 was released
due to the project not having the maturity required to enable this kind of regression testing.
-----BEGIN SSH SIGNATURE-----
U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgRAY0gI226MJ70LlLxG5wG7nBKT
91dVq/pkuX0DntlCkAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5
AAAAQJZd019I2AMd8PxUBMUlDHP0v1SMlMTvew+nRNUxSWK9pkr659HdqBeASfjbcxduGd
JResRlQfOgw7n0/HKb1wg=
-----END SSH SIGNATURE-----
