Security vulnerability found in Lift, upgrade now.

Skip to first unread message

Diego Medina

Mar 16, 2015, 7:15:54 AM3/16/15
Dear community,

We were recently informed about a security vulnerability found in a Scala library we use in Lift. The Lift team quickly created a patch and we have released the following versions that include the patch:

* If you are using Lift 2.5 or 2.5.1, please upgrade to 2.5.2
* For users using 2.6, upgrade to 2.6.1
* If you are using 3.0-M3, please upgrade to 3.0-M4 which is the same as M3 but with the patch
* If you are using 3.0-SNAPSHOT you have two options, you can simply download a new snapshot which has the patch, or you can upgrade to 3.0-M5 which is all the code you find today in master plus the security fix.

We have already informed the folks at Typesafe about this issue.

We are hoping to release the details of this vulnerability this Friday, unless we are asked to give Typesafe or any other Scala project more time to apply a patch.

If you run any Lift application, please upgrade right now.

Thank you.

The Lift Team
Reply all
Reply to author
0 new messages