NodeBB 2.8.17 & 3.3.5 Security Releases
-
Today we are releasing patch versions for 3.x and 2.x lines to fix an xss vulnerability.
As mentioned before we will be supporting 1.x and 2.x until August 2024 and August 2025 respectively. This vulnerability does not effect the 1.x releases so there is no patch for it.
The fix is included in the latest 2.8.17 & 3.3.5 releases
https://github.com/NodeBB/NodeBB/releases/tag/v2.8.17
https://github.com/NodeBB/NodeBB/releases/tag/v3.3.5 -
user_nodebb@webserver2-4gb-nbg1-1:~/nodebb$ ./nodebb upgrade Updating NodeBB... 1. Updating package.json file with defaults... OK 2. Bringing base dependencies up to date... started changed 2 packages, and audited 920 packages in 3s 94 packages are looking for funding run `npm fund` for details *delete*
-
~/nodebb$ git fetch remote: Enumerating objects: 9, done. remote: Counting objects: 100% (9/9), done. remote: Compressing objects: 100% (3/3), done. remote: Total 9 (delta 6), reused 9 (delta 6), pack-reused 0 Unpacking objects: 100% (9/9), 904 bytes | 75.00 KiB/s, done. From https://github.com/NodeBB/NodeBB 05a7c7610d..d36140eb5f develop -> origin/develop fb43f9ae10..dc14d6a8d1 v2.x -> origin/v2.x ~/nodebb$ git reset --hard origin/v3.x HEAD is now at a67f84ea5b chore: incrementing version number - v3.3.4
Ok, i think you are working.
-
Ok, git pull works
~/nodebb$ git pull remote: Enumerating objects: 475, done. remote: Counting objects: 100% (475/475), done. remote: Compressing objects: 100% (231/231), done. remote: Total 475 (delta 248), reused 469 (delta 244), pack-reused 0 Receiving objects: 100% (475/475), 417.93 KiB | 13.06 MiB/s, done. Resolving deltas: 100% (248/248), completed with 54 local objects. From https://github.com/NodeBB/NodeBB 7d9ff9bf4e..d36140eb5f develop -> origin/develop c44ddb10e7..055762e69e master -> origin/master 638e098f30..dc14d6a8d1 v2.x -> origin/v2.x * [new tag] v2.8.17 -> v2.8.17 * [new tag] v3.3.5 -> v3.3.5
My other forum show this
~/nodebb$ git pull hint: You have divergent branches and need to specify how to reconcile them. hint: You can do so by running one of the following commands sometime before hint: your next pull: hint: hint: git config pull.rebase false # merge hint: git config pull.rebase true # rebase hint: git config pull.ff only # fast-forward only hint: hint: You can replace "git config" with "git config --global" to set a default hint: preference for all repositories. You can also pass --rebase, --no-rebase, hint: or --ff-only on the command line to override the configured default per hint: invocation. fatal: Need to specify how to reconcile divergent branches.
-
Fixing diverged branches is outside of scope of this forum, sorry
https://poanchen.github.io/blog/2020/09/19/what-to-do-when-git-branch-has-diverged
Copyright © 2024 NodeBB | Contributors