Download link to r374 not r402

[Adam]

The repository has an updated version of swfobject.js that addresses a
"cross-site scripting vulnerability fix to MMredirectURL for both
compressed and src versions as described by Adobe", however the
swfobject_2_2.zip linked on the downloads page does not include this
fix, nor is there a notice stating a more secure version is available.

Seeing as that fix is the last update and occurred 3 years ago, could
we not make that the latest release version? Also Wordpress now
incorporates that same fix in their most recent package, so I think we
can safely assume that it has some widespread testing.

Thanks!

[Aran Rhee]

Hi Adam.

Yes, I remember putting in that fix way back when...

From what I understand from the dev team, the next release (2.3) will come from GIT. You can find that here. I believe the 2.3 beta release is pretty much baked now, and should include that fix.

Best,

Aran

--
You received this message because you are subscribed to the Google Groups "SWFObject" group.
To post to this group, send email to swfo...@googlegroups.com.
To unsubscribe from this group, send email to swfobject+...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/swfobject?hl=en.

[Geoff Stearns]

Yeah we should start directing people to the github page in all our existing docs. I updated the super old v1.5 page to direct people to github instead of google code just a few days ago.