Signing back into the Community for the first time? You'll need to reset your password to access your account. Find out more.
Forum Discussion
System
2 years agoSuper Contributor
Is There a Central Repository for 1Password Security Advisories?
This discussion was created from comments split from: 1Password libwebp vulnerability [Resolved with version 8.10.15 and later]
- Former Member
Is There a Central Repository for 1Password Security Advisories?
I spent over an hour searching before I finally found the link to the 1Password Security Advisory that 1P_Dave provided (here). Is there a more centralized location where this information is readily available?
Additionally, I noticed that the rejected CVE identifier,
CVE-2023-5129
, is not mentioned anywhere on the site. Although this identifier was rejected in favor ofCVE-2023-4863
as it covers the same issue, it's worth noting thatCVE-2023-5129
is still being cited by various news outlets, blogs, articles, and forums. Many of which directly mention 1Password as being affected.—CaptAwesome
Keywords/Tags:
Security Advisory
,CVE
,CVE-2023-5129
,CVE-2023-4863
,WebP
,vulnerability
,supply chain attack
- 1P_Dave
Moderator
@CaptAwesome
I'm sorry that the security advisory was hard to find, there was an issue with the page that has since been corrected which should make it more discoverable in the future. The duplicate CVE is mentioned in the security advisory in the second paragraph:
A duplicate issue was reported with identifier CVE-2023-5129.
Regarding a central repository, you can find mentions of all resolved security issues in our release notes: 1Password for Mac Releases
-Dave