Sharetribe Go version 10.2.1 is now available! -- Important security update

Announcements
1

[10.2.1] - 2021-11-19

This is an important security update! Have a look at https://github.com/sharetribe/sharetribe/security/advisories/GHSA-hjjc-p9hr-424c for more information.

https://github.com/sharetribe/sharetribe/releases/tag/v10.2.1

Security

  • [Critical] Fix OS command injection vulnerability in installations of
    Sharetribe Go that do not set explicitly the sns_notification_token
    configuration variable (which is unset by default). Discoverer/Credits: Wang Sheng of State Grid Sichuan Electric Power Research Institute. #5b844f

Upgrade from 10.2.0 to 10.2.1

The new version contains a critical security fix that you should review. Otherwise, see the General update instructions.