From f334ef1b4de2f8a359ededa41ce13358b81e63c1 Mon Sep 17 00:00:00 2001 From: Thomas Waldmann Date: Wed, 30 Aug 2023 15:49:09 +0200 Subject: [PATCH] fix CVE timeline, fix markup --- docs/changes_1.x.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/changes_1.x.rst b/docs/changes_1.x.rst index 728a93f26..0bd2c5d47 100644 --- a/docs/changes_1.x.rst +++ b/docs/changes_1.x.rst @@ -42,6 +42,7 @@ Steps you must take to upgrade a repository: Do **not** run ``borg check`` with borg 1.2.5 before completing the upgrade steps. 2. Run ``borg info --debug 2>&1 | grep TAM | grep -i manifest``. + a) If you get "TAM-verified manifest", continue with 3. b) If you get "Manifest TAM not found and not required", run ``borg upgrade --tam --force `` *on every client*. @@ -69,7 +70,8 @@ Vulnerability time line: * 2023-06-13: Vulnerability discovered during code review by Thomas Waldmann * 2023-06-13...: Work on fixing the issue, upgrade procedure, docs. * 2023-06-30: CVE was assigned via Github CNA -* 2023-07-xx: Released fixed version 1.2.5 +* 2023-06-30 .. 2023-08-29: Fixed issue, code review, docs, testing. +* 2023-08-30: Released fixed version 1.2.5 .. _hashindex_set_bug: