3.1.4 (2017-07-24)
- Backported from Supervisor 3.3.3: Fixed CVE-2017-11610. A vulnerabilitywas found where an authenticated client can send a malicious XML-RPC requestto supervisord that will run arbitrary shell commands on the server.The commands will be run as the same user as supervisord. Depending onhow supervisord has been configured, this may be root. Seehttps://github.com/Supervisor/supervisor/issues/964 for details.
当前内容版权归 Supervisor 或其关联方所有,如需对内容或内容相关联开源项目进行关注与资助,请访问 Supervisor .