a5556c2 fixes an SQL injection (it requires having a logged in user which mitigates the seriousness somewhat, I guess). Nevertheless, I recommend everyone to update ASAP, even if you trust your users.
Changeset that fixes the issue: https://tt-rss.org/gitlab/fox/tt-rss/co ... dbbc54405b
Link to the site of an expert who discovered the exploit: http://security.szurek.pl/ (a page which details the process will appear later).
Support requests, bug reports, etc. go here. Dedicated servers / VDS hosting only
1 post • Page 1 of 1
Who is online
Users browsing this forum: No registered users and 92 guests