Headline
CVE-2023-33955: Release Release version v0.28.0 · minio/console
Minio Console is the UI for MinIO Object Storage. Unicode RIGHT-TO-LEFT OVERRIDE characters can be used to mask the original filename. This issue has been patched in version 0.28.0.
Changelog
- fc9319e Added identifier field to Event destinations page & migrated to mds (#2816)
- beed489 Apply permission check for create accesskey button (#2822)
- dc90db6 Changed SSO Login screen to hide login form by default (#2807)
- 7a9b775 Changed Share Object logic to use Access Keys (#2827)
- 920fc7d Fix Subpath behavior (#2818)
- 629dd66 Fix anonymous access rule not displayed due to style (#2820)
- 6e314a2 Fix crash when backend has no rrSCParity property (#2826)
- d935372 Fix download of large files in Console (#2773)
- 58b64a5 Fixed an issue with allowResources & KeyBar (#2817)
- 0285702 Migrated Access Keys page components to mds (#2834)
- 57bfe97 Release v0.28.0 (#2831)
- 17e791a Replace RIGHT-TO-LEFT OVERRIDE unicode (#2828)
- 22ec87d improve playwright tests with refactoring and clean up (#2809)
- bda1cd1 mds-released-V0.4.3 (#2830)
- b87b415 mds-released-v0.4.2 (#2815)
Related news
### Impact Unicode RIGHT-TO-LEFT OVERRIDE characters can be used to mask the original filename. ### Reported-By Thanks to the report from Mio Li [[email protected]](mailto:[email protected]) ### Patches ``` commit 17e791afb90c9ad27c65f63c6be14f2f6a3a9d60 Author: Daniel Valdivia <[email protected]> Date: Tue May 23 08:47:12 2023 -0700 Replace RIGHT-TO-LEFT OVERRIDE unicode (#2828) Signed-off-by: Daniel Valdivia <[email protected]> ``` ### Workarounds Workarounds are to remove the concerned file and rewrite it properly with the right file and extensions. Avoid using RTLO characters in your filenames.