⬆️ Update ghcr.io/ajnart/homarr Docker tag to v0.15.8 #505

Merged
mafyuh merged 1 commit from renovate/ghcr.io-ajnart-homarr-0.x into main 2024-12-07 20:03:23 -05:00
Collaborator

This PR contains the following updates:

Package Update Change
ghcr.io/ajnart/homarr (changelog) patch 0.15.7 -> 0.15.8

Release Notes

ajnart/homarr (ghcr.io/ajnart/homarr)

v0.15.8

Compare Source

[!NOTE]
We've been working actively on working torwards version 1.0 which will include many improvements to performance, security and the overall look & feel of Homarr. It will greatly overhaul the technical architecture of Homarr. This work is done by volunteers. Please consider supporting our work via donations at https://opencollective.com/homarr

🔒 Security patch v0.15.8 🔒

[!CAUTION]
Please update your Homarr instance to this new version. Versions before <0.15.8 contain two vulnerabilities:

  1. Allow an admin user to add arbitrary JavaScript code to other users board (aka. XSS or cross site-scripting). We implemented a fix where JavaScript is no longer being executed.
  2. Any logged in user to create a file on your filesystem (or inside your docker container). This shouldn't be dangerous when running Docker but could lead to dangerous situations if you run Homarr bare-metal using root. At this time, full RCE doesn't seem possible but creating files is possible.

Fix broken avatars in Jellyseer

For some users avatars were broken in Jellyseerr. Thanks to @​TyxTang for fixing it

Fix broken translations in the DNS hole widget

Some timer modal for dns-hole translations did not work. Thanks to @​marius-arch


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [ghcr.io/ajnart/homarr](https://github.com/ajnart/homarr) ([changelog](https://github.com/ajnart/homarr/releases)) | patch | `0.15.7` -> `0.15.8` | --- ### Release Notes <details> <summary>ajnart/homarr (ghcr.io/ajnart/homarr)</summary> ### [`v0.15.8`](https://github.com/ajnart/homarr/releases/tag/v0.15.8) [Compare Source](https://github.com/ajnart/homarr/compare/v0.15.7...v0.15.8) > \[!NOTE]\ > We've been working actively on working torwards version 1.0 which will include many improvements to performance, security and the overall look & feel of Homarr. It will greatly overhaul the technical architecture of Homarr. This work is done by volunteers. Please consider supporting our work via donations at https://opencollective.com/homarr #### 🔒 Security patch v0.15.8 🔒 > \[!CAUTION]\ > Please update your Homarr instance to this new version. Versions before **<0.15.8** contain **two vulnerabilities**: > > 1. Allow an admin user to add arbitrary JavaScript code to other users board (aka. XSS or cross site-scripting). We implemented a fix where JavaScript is no longer being executed. > 2. Any logged in user to create a file on your filesystem (or inside your docker container). This shouldn't be dangerous when running Docker but could lead to dangerous situations if you run Homarr bare-metal using `root`. At this time, full RCE doesn't seem possible but creating files is possible. #### Fix broken avatars in Jellyseer For some users avatars were broken in Jellyseerr. Thanks to [@&#8203;TyxTang](https://github.com/TyxTang) for fixing it #### Fix broken translations in the DNS hole widget Some timer modal for dns-hole translations did not work. Thanks to [@&#8203;marius-arch](https://github.com/marius-arch) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS41MS4wIiwidXBkYXRlZEluVmVyIjoiMzkuNTEuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
renovatebot added 1 commit 2024-12-07 17:00:59 -05:00
⬆️ Update ghcr.io/ajnart/homarr Docker tag to v0.15.8
All checks were successful
Ansible Deploy to Hosts / deploy (pull_request) Successful in 31s
4f64e850a8
mafyuh merged commit 8d2e9552fd into main 2024-12-07 20:03:23 -05:00
mafyuh deleted branch renovate/ghcr.io-ajnart-homarr-0.x 2024-12-07 20:03:23 -05:00
Sign in to join this conversation.
No reviewers
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: mafyuh/iac#505
No description provided.