Dear XebiaLabs community,
We are pleased to announce the release of XL Deploy 7.5.4. This release provides important bug fixes for the XL Deploy 7.5.0 long-term support version.
Important: The Zip Slip vulnerability allows an attacker to have files from a ZIP-like archive extracted to any location on the file system. This potentially allows them to overwrite important files on the system that XL Deploy or XL Satellite is running on, which may result in remote command injection. The fix for this issue, which is included in XL Deploy 7.5.4, prevents malicious archives that potentially exploit this vulnerability from being imported into or extracted by XL Deploy.
The impact of this vulnerability is determined by the permissions granted to the user that is running XL Deploy or XL Satellite. Files that are protected by proper permissions (which are not granted to that user) cannot be overwritten.
You can download the release at the XebiaLabs Software Distribution site.