Release 💾 4.4.9.1

ANDROS · 2019-12-17T07:54:36+0000

Security Block binary/octal/hex/decimal based hostnames from being submitted in forms that could trigger an SSRF. Gfycat OEmbed endpoint could create XSS. Also informed Gfycat of issue. - Thanks to René Kroka - https://renekroka.cz for reporting this issue. Addition attachment permission checks when downloading attachments. Открыть версия

By ANDROS,
December 17, 2019 in Releases

Share

Followers 0

Recommended Posts

Administrator

ANDROS

Posted December 17, 2019

Administrator

- Share

Posted December 17, 2019

Security

Block binary/octal/hex/decimal based hostnames from being submitted in forms that could trigger an SSRF.
Gfycat OEmbed endpoint could create XSS. Also informed Gfycat of issue. - Thanks to René Kroka - https://renekroka.cz for reporting this issue.
Addition attachment permission checks when downloading attachments.

Открыть версия

Правила форума Правила оформления контента Приватный форум и чат