version 1.22.2 of verinice and verinice.PRO is now available for download in the verinice.SHOP or in the customer repository. verinice 1.22.2 (Release Notes) is a security update. The verinice.TEAM recommends all users to apply the available patch as soon as possible.
With verinice 1.22.2 the team fixes a vulnerability, details are described in the Security Advisory. The official CVE ID is CVE-2021-36981. We would like to especially thank Frank Nusko (Secianus GmbH), who found the vulnerability and informed us about it. Together we were able to prepare a Coordinated Disclosure.
Secianus will publish the details of the vulnerability shortly, so that verinice users have enough time to update. If you need help with this or have any open questions, please feel free to contact us at sales@. sernet.de