github diaspora/diaspora v0.5.7.1

6 years ago

This security release disables post fetching for relayables. Due to an insecure implementation, fetching of root posts for relayables could allow an attacker to distribute malicious/spoofed/modified posts for any person.

Disabling the fetching will make the current federation a bit less reliable, but for a hotfix, this is the best solution. We will re-enable the fetching once we have moved the federation out into its own library and are able to implement further validation during fetches.
