Security Update: Vanilla 18.104.22.168
We've released an important security update that anyone running 2.0.18.* should apply immediately. The new version can be found here.
Here is a summary of what we've done:
- 2013-11-26 Use SafeRedirect() instead of Redirect() in the discussion controller.
- 2013-11-26 Added TrustedDomains() and SafeRedirect().
- 2013-11-26 Don't allow user id override on post.
- 2013-08-25 Fix Flagging security flaw.
- 2013-08-25 Filter discussion title on categories/all.
- 2013-06-20 Comment notifications should only be sent to people with the "NewComment" preference set.
- 2013-06-13 Twitter: Change api version to 1.1.
- 2013-05-08 Tagging: Fix XSS bug in tagging.
- 2013-05-02 Do not add linebreaks twice on search.
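
The two 2013-11-26 entries about SafeRedirect() and TrustedDomains() concern redirect targets. The PHP below is an added example of the general pattern those names suggest, validating a redirect destination against a list of trusted hosts. It is not Vanilla's code: `isTrustedTarget()`, `safeRedirectTarget()`, the host list and the sample inputs are hypothetical and constructed, and the assumption is that untrusted targets fall back to a local path.

```php
<?php
// Added illustration of a redirect allowlist; not Vanilla's implementation.
// Function names and the host list are hypothetical / constructed.

const TRUSTED_HOSTS = ['forum.example.com', 'cdn.example.net'];

/** True when $url is a local path or an http(s) URL on a trusted host. */
function isTrustedTarget(string $url, array $trusted = TRUSTED_HOSTS): bool
{
    // Whitespace, control characters and backslashes are rejected outright:
    // browsers may strip the former and treat "\" as "/", changing the target.
    if (preg_match('/[\x00-\x20\\\\]/', $url)) {
        return false;
    }
    // Local path: exactly one leading slash ("//host" is scheme-relative).
    if (preg_match('#^/(?!/)#', $url)) {
        return true;
    }
    $parts = parse_url($url);
    if ($parts === false || empty($parts['host']) || isset($parts['user'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme'] ?? ''), ['http', 'https'], true)) {
        return false;
    }
    $host = rtrim(strtolower($parts['host']), '.');
    foreach ($trusted as $t) {
        $suffix = '.' . $t;
        // Exact host or a true subdomain; a suffix match without the dot
        // would also accept "notforum.example.com".
        if ($host === $t || substr($host, -strlen($suffix)) === $suffix) {
            return true;
        }
    }
    return false;
}

/** Return the requested target if trusted, otherwise a local fallback. */
function safeRedirectTarget(string $requested, string $fallback = '/'): string
{
    return isTrustedTarget($requested) ? $requested : $fallback;
}

// Constructed inputs covering the usual parsing edge cases.
foreach (['/discussion/42', 'https://forum.example.com/p', '//other.test/x',
          'https://forum.example.com.other.test/', 'javascript:alert(1)',
          'https://cdn.example.net@other.test/'] as $candidate) {
    printf("%-40s => %s\n", $candidate, safeRedirectTarget($candidate));
}
```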