[Spip-maintainers] Bug#609212: Bug#609212: spip: Cross-Site Scripting and other security issues
Romain Beauxis
romain.beauxis at gmail.com
Fri Jan 7 16:08:45 UTC 2011
Hi all !
Le vendredi 7 janvier 2011 07:20:43, Julien Cristau a écrit :
> > Version 2.1.6 released Monday correct various security issues [1].
> > According to the changelog [2], these should be addressed by r16879 [3],
> > r16880 [4] and r16884 [5].
>
> Can be fixed post release if necessary, not a blocker. If you do
> upload a fix to unstable, please use high urgency and let the release
> team know.
I agree with Julien. This is not a public vulnerability but one that affects
registered authors.
I would also like to document here that it is possible to install a temporary
workaround provided by the SPIP team and called "écran de sécurité":
http://www.spip.net/article4200.html
This can be used while waiting for an updated package.
Finally, I am very busy these days. I am not sure that I will have much time
to prepare and test a new version soon. However, I would be more than happy to
welcome any interested contributor/maintainer.
Romain
More information about the Spip-maintainers
mailing list