Released: November 15, 2022
Status: Stable
This version includes all fixes from version 4.2.12.
A patch was added to close Python's vulnerability CVE-2007-4559
https://nvd.nist.gov/vuln/detail/CVE-2007-4559
This is a language level vulnerability which exposed older versions of Mayan EDMS only when downloading JavaScript dependencies from the NPM registry.
Exploiting this vulnerability requires compromising an existing package hosted on the NPM registry and adding Python code specifically targeting Mayan EDMS. As part of the project's design philosophies, dependencies are only downloaded from authoritative locations and each dependency is pinned to a specific version to guarantee immutable releases.
Due to all these factors, the surface of attack of this vulnerability is very limited for older versions of Mayan EDMS, it is also very improbable, very difficulty to accomplish and very difficult to remain undetected.
There are no known actual or theoretical attacks for Mayan EDMS exploiting this vulnerability.