Skip to content

Commit e1b320e

Browse files
lunkwill42lunkwill42
committed
Update changelog for NAV 5.13.1
1 parent c2b9002 commit e1b320e

File tree

4 files changed

+24
-5
lines changed

4 files changed

+24
-5
lines changed

CHANGELOG.md

+24
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,30 @@ This project uses [*towncrier*](https://towncrier.readthedocs.io/) and the chang
1111

1212
<!-- towncrier release notes start -->
1313

14+
## [5.13.1] - 2025-05-12
15+
16+
### Security
17+
18+
- Lock down API access for unprivileged users
19+
20+
By default, NAV granted full API access to logged-in users, regardless of
21+
their configured privilege level. This would give unprivileged users access
22+
to manipulate NAV configuration and even elevate their own user privileges to
23+
administrator level. [Read the full security advisory
24+
here.](https://github.com/Uninett/nav/security/advisories/GHSA-gprr-5vvf-582g)
25+
26+
### Changed
27+
28+
- Update NAPALM dependency to 5.0 to keep NAV web GUI working
29+
([#2358](https://github.com/Uninett/nav/issues/2358))
30+
31+
### Fixed
32+
33+
- Fix filtering of 'Last seen' and sorting by 'Last active' in netbox
34+
interfaces view in room info
35+
([#3329](https://github.com/Uninett/nav/issues/3329))
36+
37+
1438
## [5.13.0] - 2025-03-07
1539

1640
### Security

changelog.d/+api-access-lockdown.security.md

-3
This file was deleted.

changelog.d/2358.changed.md

-1
This file was deleted.

changelog.d/3329.fixed.md

-1
This file was deleted.

0 commit comments

Comments
 (0)