Prepare 3.1.4 release

Supervisor · Jul 24, 2017 · fbf9296 · fbf9296
1 parent dbe0f55
commit fbf9296
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 1 deletion.
diff --git a/CHANGES.txt b/CHANGES.txt
@@ -1,3 +1,13 @@
+3.1.4 (2017-07-24)
+------------------
+
+- Backported from Supervisor 3.3.3:  Fixed CVE-2017-11610.  A vulnerability
+  was found where an authenticated client can send a malicious XML-RPC request
+  to ``supervisord`` that will run arbitrary shell commands on the server.
+  The commands will be run as the same user as ``supervisord``.  Depending on
+  how ``supervisord`` has been configured, this may be root.  See
+  https://github.com/Supervisor/supervisor/issues/964 for details.
+
 3.1.3 (2014-10-28)
 ------------------
 
@@ -94,6 +104,16 @@
 - A warning is now logged if a glob pattern in an ``[include]`` section does
   not match any files.  Patch by Daniel Hahler.
 
+3.0.1 (2017-07-24)
+------------------
+
+- Backported from Supervisor 3.3.3:  Fixed CVE-2017-11610.  A vulnerability
+  was found where an authenticated client can send a malicious XML-RPC request
+  to ``supervisord`` that will run arbitrary shell commands on the server.
+  The commands will be run as the same user as ``supervisord``.  Depending on
+  how ``supervisord`` has been configured, this may be root.  See
+  https://github.com/Supervisor/supervisor/issues/964 for details.
+
 3.0 (2013-07-30)
 ----------------
 

diff --git a/supervisor/version.txt b/supervisor/version.txt
@@ -1 +1 @@
-3.1.3
+3.1.4