q

News from Habari

Habari Version 0.5.2

Q

The Habari Community announces the release of version 0.5.2. This version is a critical security update; all users of any version prior to 0.5.2 should upgrade at once. Additionally users of HEAD should also update to the latest revision.

This update addresses security issues reported at secunia.com, related to unsanitized user input via the URL enabling a "less critical" XSS vulnerability. Using this vulnerability, malicious users could craft an external link that when clicked by a logged-in user could cause harmful data loss. Developers interested in the extent of the changes should review the makaanga 0.x branch log.

Thanks are due to the entire community for identifying and patching this bug in a timely manner.