Security Warning -- Upgrade to 1.2.1


Post by chickens » Thu Dec 13, 2007 1:06 am

While looking through my security RSS feeds I found out that there is an XSS in older versions of the RSS plugin. It seems to have been fixed in the latest version of s9y.

More info: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6205

Back to work I go... :)


Re: Security Warning -- Upgrade to 1.2.1

Post by garvinhicking » Thu Dec 13, 2007 12:40 pm

Hi!

Note that you only need to upgrade when using the Remote RSS sidebar plugin. Not so many blogs even have that enabled.

Also be sure to subscribe to blog.s9y.org, it contains new version announcements.

Regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/


Post by chickens » Thu Dec 13, 2007 11:10 pm

Ahh, it was just the RSS inclusion sidebar. I was thinking it was the RSS sidebar for changing the format of your RSS feed. The severity just went from a 10/10 in my mind to a 2/10.
