Heads up: SQL injection fixed

Post by fox » 29 Jan 2016, 17:35

a5556c2 fixes an SQL injection (it requires having a logged-in user, which mitigates the seriousness somewhat, I guess). Nevertheless, I recommend that everyone update ASAP, even if you trust your users.

Changeset that fixes the issue: https://tt-rss.org/gitlab/fox/tt-rss/co ... dbbc54405b

Link to the site of an expert who discovered the exploit: http://security.szurek.pl/ (a page which details the process will appear later).
