https://sn.1w6.org/file/csammy-20160308T225815-f8rwsq6.html

diaspora* security release 0.5.7.1

We just released diaspora* version 0.5.7.1 which disables post fetching for relayables. Due to an insecure implementation, fetching of root posts for relayables could allow an attacker to distribute malicious/spoofed/modified posts for any person.

Disabling the fetching will make the current federation a bit less reliable, but for a hotfix, this is the best solution. We will re-enable the fetching in 0.6.0.0, once we have moved the federation out into its own library and are able to implement further validation during fetches.

Updating

Please update as soon as possible. Update instructions are available as usual in the wiki.


#diaspora #announcement #release #0571

Notices in which this attachment appears

  1. csammy

    Tuesday, 08-Mar-16 22:13:32 UTC