Cerebrate 1.30 Release Notes
This is a mandatory security update. This release addresses a critical vulnerability and includes several important bug fixes related to tagging, the user interface, and configuration.
Security
-
Critical: Privilege Escalation
-
This release patches a critical privilege escalation vulnerability. We would like to thank ENISA for reporting this issue. We strongly recommend all users upgrade their instances immediately.
Fixes and Improvements
Tagging
- Fixed a bug that prevented some tags from being saved correctly due to a double-encoding issue.
- The “Restore deleted tag” functionality has been fixed. This was previously broken after a change to remove tags by ID.
- Tags are now reliably removed by their ID instead of their value, improving data integrity.
- Resolved a UI layering (z-index) issue where the tagging selection menu would incorrectly appear behind modals.
User Interface (UI)
- Fixed an issue in modals where users could not type or search in dropdown menus (select2). The dropdowns are now correctly attached to the modal body, re-enabling keyboard events.
Configuration
- Cerebrate will now correctly fall back to the
baseurldefined inconfig.jsonif thefullbaseurlis not set, improving configuration flexibility.
Maintenance
- The
sqlite3dependency requirement has been corrected.