Jonkman Microblog
  • Login
Show Navigation

  • Public

    • Public
    • Network
    • Groups
    • Popular
    • People

Conversation

Notices

  1. Zash (zash@social.umeahackerspace.se)'s status on Thursday, 31-May-2018 14:21:02 EDT Zash Zash
    Prosody 0.10.2 and 0.9.14 has been released
    https://blog.prosody.im/prosody-0-10-2-security-release/ !xmpp
    In conversation Thursday, 31-May-2018 14:21:02 EDT from social.umeahackerspace.se permalink

    Attachments

    1. File without filename could not get a thumbnail source.
      Prosody 0.10.2 and 0.9.14 Security Release
      Today brings an important security release for both our stable branches. This fixes a cross-host authentication vulnerability, CVE-2018-10847. The issue affects Prosody instances that have multiple virtual hosts (including anonymous authenticated hosts). All versions of Prosody before 0.9.14 and 0.10.2 are affected. A full security advisory is available at https://prosody.im/security/advisory_20180531 Changes Summary of all changes in this release: Security mod_c2s: Do not allow the stream ‘to’ to change across stream restarts (fixes #1147) Minor changes mod_websocket: Store the request object on the session for use by other modules (fixes #1153) mod_c2s: Avoid concatenating potential nil value (fixes #753) core.
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All Jonkman Microblog content and data are available under the Creative Commons Attribution 3.0 license.

Switch to desktop site layout.