Supervisor v3.2.4 Release Notes

Release Date: 2017-07-24 // over 6 years ago
    • 🛠 Backported from Supervisor 3.3.3: Fixed CVE-2017-11610. A vulnerability was found where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root. See https://github.com/Supervisor/supervisor/issues/964 for details.