This is a security fix release. Please consider upgrading.
Enhancement
- Fixed a bunch of security issues found by huntr.dev
  - Reject the current user operation if the user has just been de-activated.
  - Secure the access token to prevent CSRF attacks.
  - Disallow loading Bytebase in an iframe.
Community
- Thanks to @jiweiyuan for fixing our first good first issue
Upgrade instruction
- For a fresh installation, follow https://github.com/bytebase/bytebase#installation.
- If you upgrade from 0.7.0, no migration is needed. If you upgrade from a version before 0.7.0, there are some breaking schema changes; please contact support@bytebase.com and we will help you manually upgrade to the new version.