This is a security bugfix.
Please urgently upgrade if you use Liferea with Reedah or TheOldReader sync!
If you use TinyTinyRSS sync, please upgrade to fix a syncing issue.
Security Issue with Reedah + TheOldReader sync support
Sadly, there is a long-standing security bug causing unencrypted connections when fetching
feed content for those two backends. When such requests were made via http://, your auth token
was exposed, which could allow malicious third parties to manipulate your Reedah / TheOldReader
accounts.
Note: the login request itself (including your password) was not affected. Still, I advise you to
- upgrade to the newest Liferea release 1.16.11 or 2.0-RC3
- verify your Reedah / TheOldReader subscriptions
- change your Reedah / TheOldReader password just to be safe
Changes
* Fixes a long-standing security bug that caused unencrypted connections
when fetching feed content from Reedah and TheOldReader. Please upgrade
and change your Reedah / TheOldReader password afterwards!
(Lars Windolf)
* Fixes #1528: TinyTinyRSS not working anymore due to Content-Encoding
header not indicating JSON
(Lars Windolf)
* Fixes #1523: replace outdated feedburner URL in default feed list OPML
(Lars Windolf)