verinice gets an update: Version 1.26.1 is now available in the verinice.SHOP or in the customer repository. With the release, the verinice team fixes two bugs. Read more about verinice 1.26 and 1.26.1 in the Release Notes.
The verinice team has corrected the signing of verinice packages to SHA-256, which is particularly relevant for Windows users. Before the update, some users occasionally received warning messages from Microsoft Defender when installing the client on Windows. This issue is now history with the latest version.
In addition, the team has improved the handling of Unicode encoding to prevent a theoretically possible path traversal (see CWE-176: Improper Handling of Unicode Encoding for details). However, exploitation is not evaluated as real in verinice's usage scenario.
We recommend this update to all verinice users, especially those who received Microsoft Defender warnings during the client installation on Windows.