Merge branch 'release/v1.20.1-2'

dnschwarzer · cesmarvin · commit 341a2f1be42a · 2026-01-29T12:16:13.000Z
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [v1.20.1-2] - 2026-01-29
+
+### Security
+- [#204] CVE fixed: [cve-2025-15467](https://avd.aquasec.com/nvd/2025/cve-2025-15467/)
+
 ## [v1.20.1-1] - 2025-12-12
 ### Fixed
 - [#202] Reduce false-positive `HTTP 401 Unauthorized` status codes in the User REST API
diff --git a/Dockerfile b/Dockerfile
@@ -75,7 +75,7 @@ FROM registry.cloudogu.com/official/java:8u432-1
 ARG TOMCAT_VERSION
 
 LABEL NAME="official/usermgt" \
-   VERSION="1.20.1-1" \
+   VERSION="1.20.1-2" \
    maintainer="hello@cloudogu.com"
 
 # mark as webapp for nginx
diff --git a/Makefile b/Makefile
@@ -1,6 +1,6 @@
 # Set these to the desired values
 ARTIFACT_ID=usermgt
-VERSION=1.20.1-1
+VERSION=1.20.1-2
 # overwrite ADDITIONAL_LDFLAGS to disable static compilation
 # this should fix https://github.com/golang/go/issues/13470
 ADDITIONAL_LDFLAGS=""
diff --git a/docs/gui/release_notes_de.md b/docs/gui/release_notes_de.md
@@ -6,6 +6,11 @@ Technische Details zu einem Release finden Sie im zugehörigen [Changelog](https
 
 ## [Unreleased]
 
+## [v1.20.1-2] - 2026-01-29
+
+### Security
+- [#204] Sicherheitslücke geschlossen [cve-2025-15467](https://avd.aquasec.com/nvd/2025/cve-2025-15467/)
+
 ## [v1.20.1-1] - 2025-12-12
 - Als fälschlich ausgewiesene Authentifizierungsfehler werden von der User-REST-API nun korrekt als interne Serverfehler gemeldet. Dies könnten z. B. mangelnde CAS-Konnektivität, Throttling oder LDAP-Zeitüberschreitungen sein.
 
diff --git a/docs/gui/release_notes_en.md b/docs/gui/release_notes_en.md
@@ -6,6 +6,11 @@ Technical details on a release can be found in the corresponding [Changelog](htt
 
 ## [Unreleased]
 
+## [v1.20.1-2] - 2026-01-29
+
+### Security
+- [#204] fixed [cve-2025-15467](https://avd.aquasec.com/nvd/2025/cve-2025-15467/)
+
 ## [v1.20.1-1] - 2025-12-12
 - Errors that were incorrectly reported by the user REST API as Authentication errors are now correctly reported as internal server errors . For instance, these could be lack of CAS connectivity, throttling, or LDAP timeouts.
 
diff --git a/dogu.json b/dogu.json
@@ -1,6 +1,6 @@
 {
   "Name": "official/usermgt",
-  "Version": "1.20.1-1",
+  "Version": "1.20.1-2",
   "DisplayName": "User Management",
   "Description": "User and Group Management.",
   "Category": "Administration Apps",
diff --git a/package.json b/package.json
@@ -3,5 +3,5 @@
     "cypress": "^13.13.1",
     "yarn": "^1.22.22"
   },
-  "version": "1.20.1-1"
+  "version": "1.20.1-2"
 }

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"Name": "official/usermgt",`
`3`		`- "Version": "1.20.1-1",`
	`3`	`+ "Version": "1.20.1-2",`
`4`	`4`	`"DisplayName": "User Management",`
`5`	`5`	`"Description": "User and Group Management.",`
`6`	`6`	`"Category": "Administration Apps",`
Original file line number	Diff line number	Diff line change
`@@ -3,5 +3,5 @@`
`3`	`3`	`"cypress": "^13.13.1",`
`4`	`4`	`"yarn": "^1.22.22"`
`5`	`5`	`},`
`6`		`- "version": "1.20.1-1"`
	`6`	`+ "version": "1.20.1-2"`
`7`	`7`	`}`