Security update: CVE-2014-1403 - additional patch

[Øyvind Sean Kinsey]

Please note that a the initial fix contained a flaw, which has since been updated. To make sure you are properly protected, use either master, or the 2.4.19.3 download.

Apologies for not catching this initially, and thanks to the security researcher Krzysztof Kotowicz for noticing.

Sean

On Sat, Jan 18, 2014 at 2:18 PM, Øyvind Sean Kinsey <oyv...@kinsey.no> wrote:

An update has been made to easyXDM to remove a potential vulnerability.

You can find the release on https://github.com/oyvindkinsey/easyXDM/releases/tag/2.4.19

Please update easyxdm.min.js, name.html, or both as soon as possible in order to mitigate possible attack vectors.

I would also like to remind you that you should never expose the full content of the distributed zip file, as the examples are not fully vetted and might expose you to unwanted risk.

Sean