[ANNOUNCEMENT] diaspora* security release 0.5.1.2

Jonne Haß

Jul 2, 2015, 6:53:27 AM
to diaspora...@googlegroups.com, diaspo...@googlegroups.com
We just released diaspora* version 0.5.1.2 which fixes a leakage of
private data to unauthorized users.

diaspora* versions prior to 0.5.1.2 leaked potentially private profile data
(namely the bio, birthday, gender and location fields) to unauthorized
users. While the frontend properly hid them, the backend missed a check
to not include them in responses.

Thanks to @cmrd-senya for finding and reporting the issue.

We're sorry for any inconvenience caused.

- The diaspora* development team

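The bug class the announcement describes (the frontend hides fields, the backend still returns them), shown as an added Ruby example that is not diaspora* code. The `Profile` model, the `shared_with` authorization rule and the public `name` field are assumptions for illustration; only the four private field names come from the announcement.

```ruby
require "json"

# Field names from the announcement; treating `name` as public is an assumption.
PUBLIC_FIELDS  = %i[name].freeze
PRIVATE_FIELDS = %i[bio birthday gender location].freeze

# Hypothetical profile model (not the project's schema).
Profile = Struct.new(:owner_id, :name, :bio, :birthday, :gender, :location,
                     :shared_with, keyword_init: true)

# Assumed rule: the owner and users the owner shares with may see private fields.
def authorized?(profile, viewer_id)
  return false if viewer_id.nil? # anonymous request
  viewer_id == profile.owner_id || profile.shared_with.include?(viewer_id)
end

# Before: the backend serializes every field and trusts the frontend to hide them.
def serialize_unchecked(profile, _viewer_id)
  profile.to_h.slice(*PUBLIC_FIELDS, *PRIVATE_FIELDS)
end

# After: the server decides which fields leave the process (allowlist per viewer).
def serialize_checked(profile, viewer_id)
  fields = PUBLIC_FIELDS.dup
  fields += PRIVATE_FIELDS if authorized?(profile, viewer_id)
  profile.to_h.slice(*fields)
end

# Regression check: inspect the JSON body as a client would receive it and
# report any private keys present, regardless of what the UI would render.
def leaked_fields(serializer, profile, viewer_id)
  body = JSON.parse(JSON.generate(serializer.call(profile, viewer_id)))
  PRIVATE_FIELDS.map(&:to_s) & body.keys
end

# Constructed sample data.
SAMPLE = Profile.new(owner_id: 1, name: "alice", bio: "constructed bio",
                     birthday: "1990-01-01", gender: "f", location: "Berlin",
                     shared_with: [2])

{ "unchecked" => method(:serialize_unchecked),
  "checked"   => method(:serialize_checked) }.each do |label, serializer|
  [nil, 3, 2].each do |viewer|
    puts "#{label} viewer=#{viewer.inspect} private fields in response: " \
         "#{leaked_fields(serializer, SAMPLE, viewer).inspect}"
  end
end
```

A check like `leaked_fields` belongs in the API test suite, asserting on the raw response body rather than on what a page displays.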