[ANNOUNCEMENT] diaspora* security release 0.3.0.3

Jonne Haß

Feb 19, 2014, 5:40:40 AM
to diaspo...@googlegroups.com, diaspora...@googlegroups.com

We released diaspora* 0.3.0.3, which updates Rails to 3.2.17. Rails
3.2.17 fixes two security issues, CVE-2014-0081 and CVE-2014-0082. The
first one is an XSS issue in a Rails helper method we don't use, so it
shouldn't affect us. The second one is a DoS issue. For further
information please consult the Rails release announcement[1].

Thus this release is of minor importance and we don't expect that any
user data was or will be harmed. Nonetheless we encourage everybody to
update as soon as possible.

Update instructions can be found in our wiki[2].

- The diaspora* development team

[1]: http://weblog.rubyonrails.org/2014/2/18/Rails_3_2_17_4_0_3_and_4_1_0_beta2_have_been_released/
[2]: https://wiki.diasporafoundation.org/Updating