Dear community,
We were recently
informed about a security vulnerability found in a Scala library we use
in Lift. The Lift team quickly created a patch and we have released the
following versions that include the patch:
* If you are using Lift 2.5 or 2.5.1, please upgrade to 2.5.2
* For users using 2.6, upgrade to 2.6.1
* If you are using 3.0-M3, please upgrade to 3.0-M4 which is the same as M3 but with the patch
*
If you are using 3.0-SNAPSHOT you have two options, you can simply
download a new snapshot which has the patch, or you can upgrade to
3.0-M5 which is all the code you find today in master plus the security
fix.
We have already informed the folks at Typesafe about this issue.
We
are hoping to release the details of this vulnerability this Friday,
unless we are asked to give Typesafe or any other Scala project more
time to apply a patch.
If you run any Lift application, please upgrade right now.
Thank you.
The Lift Team