Quadronyx (QDNX) uBlog

http://u.qdnx.org/file/-20141025T092642-qrghy4t.html

This is a !snbug announcement. A lame coding error left the opportunity for an #XSS attack in the #Bookmark plugin in !sn source which only very recently got fixed.

I recommend updating to !gnusocial v1.1.2-alpha1 (i.e. latest git commit) if you haven't disabled the Bookmark !gnusocial

I believe the severity is not very great, since only a href="" value could be written to contain javascript code, which requires a user to click the Bookmark's external link. Please correct me if I'm !gnusocial !gnusocial !gnusocial

I've sent emails to the mailing lists I know of handling these matters.

Notices where this attachment appears

  1. mmn

    This is a !snbug announcement. A lame coding error left the opportunity for an #XSS attack …

    Saturday, 25-Oct-14 13:25:08 UTC
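
An added example, not part of the original notice and not GNU social's actual fix: one way to keep `javascript:` values out of a bookmark's `href` by allowlisting URL schemes before rendering. The function names and the http/https allowlist are assumptions made for illustration.

```php
<?php
// Added illustration only; not GNU social's Bookmark plugin code or its fix.
// safe_link_url() and render_bookmark_link() are hypothetical names.

const ALLOWED_SCHEMES = ['http', 'https'];

/** Return $url if it is safe inside href="", otherwise null. */
function safe_link_url(string $url): ?string
{
    // Browsers strip leading/trailing spaces and control characters and drop
    // tab/CR/LF anywhere in a URL, so normalise before reading the scheme.
    $url = str_replace(["\t", "\r", "\n"], '', trim($url, "\x00..\x20"));

    // Require an explicit scheme and compare it case-insensitively.
    if (!preg_match('/^([a-z][a-z0-9+.\-]*):/i', $url, $m)
        || !in_array(strtolower($m[1]), ALLOWED_SCHEMES, true)) {
        return null;
    }
    // Require a host, so "http:foo" style values are refused as well.
    $parts = parse_url($url);
    return ($parts !== false && !empty($parts['host'])) ? $url : null;
}

function render_bookmark_link(string $url, string $title): string
{
    $esc  = ENT_QUOTES | ENT_SUBSTITUTE;
    $text = htmlspecialchars($title, $esc, 'UTF-8');
    $safe = safe_link_url($url);
    if ($safe === null) {
        // Unsafe or unparsable URL: show the title without a link.
        return '<span class="bookmark-title">' . $text . '</span>';
    }
    // Escaping stops attribute breakout; the allowlist above is what stops
    // javascript: URLs, which contain nothing htmlspecialchars() would change.
    return '<a rel="nofollow noopener" href="'
        . htmlspecialchars($safe, $esc, 'UTF-8') . '">' . $text . '</a>';
}

// Constructed sample inputs.
$samples = [
    'https://example.org/article?id=1&ref=x',
    'javascript:alert(1)',
    " JaVa\tScript:alert(1)",
    '//example.org/no-scheme',
    'data:text/html,hello',
];
foreach ($samples as $u) {
    echo render_bookmark_link($u, 'Saved <page>'), PHP_EOL;
}
```

Only the first sample is rendered as a link; the other four fall back to the plain escaped title.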

Tags for this attachment

  • bookmark
  • xss

Quadronyx (QDNX) uBlog is a microblogging service brought to you by Quadronyx. It runs the StatusNet microblogging software, version 1.1.0-release, available under the GNU Affero General Public License.

All Quadronyx (QDNX) uBlog content and data are available under the Creative Commons Attribution 3.0 license.