Signing back into the Community for the first time? You'll need to reset your password to access your account. Find out more.
Forum Discussion
Is There a Central Repository for 1Password Security Advisories?
This discussion was created from comments split from: 1Password libwebp vulnerability [Resolved with version 8.10.15 and later]
Is There a Central Repository for 1Password Security Advisories?
I spent over an hour searching before I finally found the link to the 1Password Security Advisory that 1P_Dave provided (here). Is there a more centralized location where this information is readily available?
Additionally, I noticed that the rejected CVE identifier, CVE-2023-5129, is not mentioned anywhere on the site. Although this identifier was rejected in favor of CVE-2023-4863 as it covers the same issue, it's worth noting that CVE-2023-5129 is still being cited by various news outlets, blogs, articles, and forums. Many of which directly mention 1Password as being affected.
—CaptAwesome
Keywords/Tags: Security Advisory, CVE, CVE-2023-5129, CVE-2023-4863, WebP, vulnerability, supply chain attack
