CVE-2023-50883

ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediately-invoked function expression IIFE, and therefore a sandbox escape is possible by directly calling the constructor of the Function object. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446...

ignition security, bug fix, and enhancement update

2.14.0-1 - New release - Add ignition-apply symlink - Add ignition-rmcfg symlink and ignition-delete-config.service 2.13.0-2 - Rename -validate-nonlinux subpackage to -validate-redistributable - Add static Linux binaries to -redistributable - Fix macro invocation in comment - Avoid kernel lockdow...