【U2】移除qB 4.5.0/4.5.1 支持,增加qB4.5.2支持
u2Show/Hide 2023.02.27 - Banned qBittorrent 4.5.0/4.5.1 | 禁用 qBittorrent 4.5.0/4.5.1
It was reported qB 4.5.0/4.5.1 has a path traversal vulnerability that enables attacker to download arbitrary files on host machine via qBittorrent webui. For the safety of all users, we decided to remove the support of qBittorrent 4.5.0/4.5.1 permanently.
For all users affected, we suggest downgrading to qBittorent 4.4.5 (or lower), or simply wait for 4.5.2.
Staff will support 4.5.2 once it comes out and includes a fix to said vulnerability.
Update 1: Staff team confirmed 4.5.0 is vulnerable and this version is also banned now.
Update 2: Staff team confirmed 4.4.5 is NOT vulnerable.
----------------------------------------------------------------------------------------------------
据报告 qBittorrent 4.5.0/4.5.1 有路径穿越漏洞,可导致攻击者通过qBitorrent webui 任意下载主机上的文件。为用户的安全考虑管理组决定永久移除 qB 4.5.0/4.5.1 支持。
受影响的用户可以降级到 qB 4.4.5 或更低版本, 也可单纯等待4.5.2发布
管理组将会在4.5.2修复该问题且发布后添加支持
更新1: 管理组已确认4.5.0可以复现相同问题,已同样禁用处理
更新2: 管理组已确认4.4.5不受影响
Show/Hide 2023.02.28 - qBittorrent 4.5.2 is now supported | qBittorrent 4.5.2 已被支持
For context please see previous announcement.
页:
[1]