Dear Turris users,
We are releasing Turris OS 5.1.6 from the Testing branch. This release fixes vulnerability against cross-site scripting in Foris (CVE-2021-3346). The issue was disclosed by Niklas Volcz, who contacted us first before exposing it in public.
There are updated kernel and fixed Syslog warnings in the resolver dynamic script domain.
You will be updated to this version automatically when you are using automatic updates. If you are not using them and using approvals/delayed updates, we suggest checking Updater tab and approve this release to make you safe if you configured Foris to be accessible from the outside of your network.
We will appreciate any feedback regarding this release and if you find any bugs, please follow our article in our documentation for Getting help.