Hey folks, we have a minor CVE issued for AshAuthentication. Please read the CVE and update accordingly. Relatively low severity, can’t compromise a user’s data, but there is an opportunity for a user to be “confirmed” for an email they do not have access to.
The Ash team takes security extremely seriously and always follow the proper procedure for filing CVEs for all security issues. This is just on the borderline of whether or not a CVE wouldn’t even be necessary, but we err on the side of caution.
