Roland Gruber
2022-Jun-27 19:53 UTC
[Samba] LDAP Account Manager 8.0 with important security fixes, PHP 8.1 compatibility and new captcha providers
Announcement: LAM adds support for PHP 8.1. LAM Pro includes two new captcha providers: hCaptcha and Friendly Captcha. This release fixes the following security issues: * Unauthenticated Arbitrary Object Instantiation / Unauthenticated Remote Code Execution (GHSA-r387-grjx-qgvw, CVE-2022-31084) * Incorrect Default Permissions (GHSA-q8g5-45m4-q95p, CVE-2022-31087) * Incorrect Regular Expressions (GHSA-q9pc-x84w-982x, CVE-2022-31086) * Unauthenticated LDAP Injection (GHSA-wxf8-9x99-6gp4, CVE-2022-31088) * Reflected XSS (Internet Explorer only) (GHSA-6m3q-5c84-6h6j, CVE-2022-31085) Full changelog: https://www.ldap-account-manager.org/lamcms/changelog Download: https://www.ldap-account-manager.org/lamcms/releases Features: * management of various account types * Unix * Samba 4/Active Directory * Asterisk * Kopano * DHCP * SSH keys * ... * profiles for account creation * account creation via file upload * automatic creation/deletion of home directories * setting quotas * PDF output for all accounts * editor for organizational units * schema browser * tree view * 2FA support Demo installation: You can try our demo installation online. https://www.ldap-account-manager.org/lamcms/liveDemo Authors & Copyright: Copyright (C) 2003 - 2022: Roland Gruber <post at rolandgruber.de> LAM is published under the GNU General Public License. The complete list of licenses can be found in the copyright file.