Is There a Central Repository for 1Password Security Advisories?

edited October 5 in Mac
This discussion was created from comments split from: 1Password libwebp vulnerability [Resolved with version 8.10.15 and later]


  • CaptAwesome
    Community Member

    Is There a Central Repository for 1Password Security Advisories?

    I spent over an hour searching before I finally found the link to the 1Password Security Advisory that @Dave_1P provided (here). Is there a more centralized location where this information is readily available?

    Additionally, I noticed that the rejected CVE identifier, CVE-2023-5129, is not mentioned anywhere on the site. Although this identifier was rejected in favor of CVE-2023-4863 as it covers the same issue, it's worth noting that CVE-2023-5129 is still being cited by various news outlets, blogs, articles, and forums, many of which directly mention 1Password as being affected.


    Keywords/Tags: Security Advisory, CVE, CVE-2023-5129, CVE-2023-4863, WebP, vulnerability, supply chain attack

  • Dave_1P
    edited October 5


    I'm sorry that the security advisory was hard to find; there was an issue with the page that has since been corrected, which should make it more discoverable in the future. The duplicate CVE is mentioned in the security advisory in the second paragraph:

    A duplicate issue was reported with identifier CVE-2023-5129.

    Regarding a central repository, you can find mentions of all resolved security issues in our release notes: 1Password for Mac Releases