Security Update 2023-11-05

November 5th, 2023


Author: Kate Ward

A major security patch for Xenia has been released.

Security Issues Fixed

  • Any user (that has access to Server Settings) could force changes in the Admin Server Settings (57a4089)
    • Added override functions if someone in the future makes the same mistake (18c03e8)
  • UserWhitelist config field would be ignored when using commands protected with RequireUserWhitelistAttribute (0f5f2c6)
    • Note: RequireUserWhitelistAttribute was removed in that same commit.

Bugs Fixed

  • Inability to change Level System settings when "Notification Channel" is set to "None" (1ed6db1)
  • Bot now has the ability to handle large messages for "Message Edited" events (c67d7e2)

Changes

  • Enforce NSFW content (unless specified in query) when /esix query is executed in an NSFW channel (2c30007)
  • Health Endpoints will return a shared type (d4412d8)
  • Add About page to Dashboard (c5b99c6)
  • Add Github link in navbar for Dashboard (fa2f795)

<< go back