diaspora* security release 0.5.6.2 and 0.5.6.3


Dennis Schubert

Jan 26, 2016, 9:34:43 AM1/26/16
to diaspora...@googlegroups.com, diaspo...@googlegroups.com

We just released diaspora* versions 0.5.6.2 and 0.5.6.3, which fix

* CVE-2016-0751 - Possible Object Leak and Denial of Service attack in Action Pack
* CVE-2015-7581 - Object leak vulnerability for wildcard controller routes in Action Pack
* CVE-2015-7576 - Timing attack vulnerability in basic authentication in Action Controller
* CVE-2016-0752 - Possible Information Leak Vulnerability in Action View
* CVE-2016-0753 - Possible Input Validation Circumvention in Active Model
* CVE-2015-7577 - Nested attributes rejection proc bypass in Active Record
* CVE-2015-7579 - XSS vulnerability in rails-html-sanitizer
* CVE-2015-7578 - Possible XSS vulnerability in rails-html-sanitizer

The hotfix-hotfix 0.5.6.3 fixes a regression caused by one of the
security fixes which I did not notice at first. [Insert jokes about me
here.]

# Updating

Please update as soon as possible. Update instructions can be found as
usual at https://wiki.diasporafoundation.org/Updating.

--
Dennis Schubert
http://schub.io
xmpp:dens...@dsx.cc