Released: November 15, 2022
This version includes all fixes from version 4.2.12.
A patch was added to close Python's vulnerability CVE-2007-4559
Exploiting this vulnerability requires compromising an existing package hosted on the NPM registry and adding Python code specifically targeting Mayan EDMS. As part of the project's design philosophies, dependencies are only downloaded from authoritative locations and each dependency is pinned to a specific version to guarantee immutable releases.
Due to all these factors, the surface of attack of this vulnerability is very limited for older versions of Mayan EDMS, it is also very improbable, very difficulty to accomplish and very difficult to remain undetected.
There are no known actual or theoretical attacks for Mayan EDMS exploiting this vulnerability.