
Vanilla 2.0.18.13 - Security release for old 2.0.18 installs

LincLinc Detroit Admin
edited August 2014 in Releases

If you are on 2.0.18 (or any 2.0.* release) and have not yet made the upgrade to 2.1, this would be a great time to get moving! If you're still not ready to leave our glorious 2.0 days behind, fear not, the latest security patch is here.

DOWNLOAD 2.0.18.13 HERE

The 2.0 code base is only being given important security patches, and only until the end of 2014.

In this release, we close recently discovered XSS exploits:

  • HtmLawed is upgraded and its filtering tightened (thanks @x00 & Psych0tr1a)
  • parseJSON() is substituted for eval() in 2 places
  • We refactor the definitions list into JavaScript instead of using the DOM (thanks @businessdad)

Complete diff here.
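
Added example, not part of the original post and not Vanilla's own code: why replacing eval() with a strict JSON parser closes a script-injection path. It assumes a response body that an attacker can influence; `JSON.parse` stands in for `parseJSON()`, and the sample bodies and function names are constructed for illustration.

```javascript
// Constructed sample response bodies (not taken from Vanilla's code base).
const samples = [
  { name: "valid JSON", body: '{"Count": 3, "Status": "ok"}' },
  // A JavaScript expression rather than JSON: it carries a harmless,
  // observable side effect so we can tell whether it was executed.
  { name: "expression with side effect",
    body: '(globalThis.sideEffects.push("ran"), {"Count": 3})' },
];

globalThis.sideEffects = [];

// "Before" pattern: eval() treats the response body as code.
function decodeWithEval(body) {
  return eval("(" + body + ")");
}

// "After" pattern: a strict parser treats the body as data only and
// rejects anything that is not well-formed JSON.
function decodeStrict(body) {
  try {
    return { ok: true, value: JSON.parse(body) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Decode one sample both ways and record whether any code ran.
function compare(sample) {
  globalThis.sideEffects.length = 0;
  const evalValue = decodeWithEval(sample.body);
  const evalRanCode = globalThis.sideEffects.length > 0;

  globalThis.sideEffects.length = 0;
  const strict = decodeStrict(sample.body);
  const strictRanCode = globalThis.sideEffects.length > 0;

  return { name: sample.name, evalValue, evalRanCode, strict, strictRanCode };
}

const results = samples.map(compare);
for (const r of results) {
  console.log(`${r.name}: eval ran code=${r.evalRanCode}, ` +
              `strict ok=${r.strict.ok}, strict ran code=${r.strictRanCode}`);
}
```

With eval() the second body still yields a plausible object, so the caller sees nothing wrong; the strict parser surfaces it as a parse error instead.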
