Issue List
VWE-2018-4535 is a Permissions Escalation issue, in which users may be able to use prefixes that are not allowed by the current wiki area, if the area allows a different prefix with an overlapping name. The issue affects all previous versions of the VaultWiki 4.x series, but does not affect Lite versions.VWE-2018-4536 is a Denial of Service issue, in which an attack may queue enough counter increments that attempting to resolve the increment queue can fail. The issue affects all previous versions of the VaultWiki 4.x series.
Patches
The following patches, issued May 16, 2018, address the aforementioned issues:- 4.0.22 Patch Level 1
- 4.0.21 Patch Level 2
- 4.0.20 Patch Level 5
- 4.0.19 Patch Level 8
- 4.0.18 Patch Level 9
We recommend that all users running VaultWiki in a production environment update to a patched release.