diff options
| -rw-r--r-- | CHANGELOG.md | 3 | ||||
| -rw-r--r-- | Makefile | 4 | ||||
| -rw-r--r-- | appinfo/info.xml | 2 |
3 files changed, 6 insertions, 3 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index ffd21b1ee..9ab61ef11 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,6 @@ +owncloud-news (8.7.2) +* **Security**: Sign application to make missing/outdated files more easily detectable and prevent attackers from potentially serving a malicious News app from the app store + owncloud-news (8.7.1) * **Bugfix**: Send Chrome's user agent string instead of our own since mod_security, which is used on some servers, thinks that only browsers are allowed to send user agents. This will fix feed updates for some websites, e.g. joomla.org, (because we all know that Joomla is big on security ;) ), #978 @@ -58,7 +58,7 @@ composer=$(shell which composer 2> /dev/null) occ=$(CURDIR)/../../occ private_key=$(HOME)/.owncloud/$(app_name).key certificate=$(HOME)/.owncloud/$(app_name).crt -sign="$(occ) integrity:sign-app --privateKey=$(private_key) --certificate=$(certificate)" +sign=php -f $(occ) integrity:sign-app --privateKey="$(private_key)" --certificate="$(certificate)" sign_skip_msg="Skipping signing, either no key and certificate found in $(private_key) and $(certificate) or occ can not be found at $(occ)" ifneq (,$(wildcard $(private_key))) ifneq (,$(wildcard $(certificate))) @@ -183,7 +183,7 @@ appstore: "js/admin/Admin.js" \ $(appstore_build_directory) ifdef CAN_SIGN - $(sign) --path $(appstore_build_directory) + $(sign) --path="$(appstore_build_directory)" else @echo $(sign_skip_msg) endif diff --git a/appinfo/info.xml b/appinfo/info.xml index ce18fb387..61178f616 100644 --- a/appinfo/info.xml +++ b/appinfo/info.xml @@ -7,7 +7,7 @@ <author>Bernhard Posselt, Alessandro Cosentino, Jan-Christoph Borchardt</author> <category>multimedia</category> <licence>AGPL</licence> - <version>8.7.1</version> + <version>8.7.2</version> <namespace>News</namespace> <!-- resources --> |