The actual advisory is at <
https://code.google.com/p/google-caja/wiki/SecurityAdvisory20150313>. The
most important line is
Our advice is therefore to immediately upgrade to at least Caja r5717
<https://code.google.com/p/google-caja/source/detail?r=5717>.
Until you've upgraded to Caja r5717, Caja's security guarantees can be
fully and trivially breached on any modern browser. As the advisory
explains, Caja, both before and after the release, cannot run safely on
Chrome 40 or Opera 27. Your Chrome 40 or Opera 27 users need to upgrade to
at least Chrome 41 or Opera 28, on which Caja runs fine. This release also
runs fine on Firefox and Internet Explorer. Details are in the advisory.
Please let us know if you have any other troubles with the new release.
Thanks.
--
Cheers,
--MarkM
--
---
You received this message because you are subscribed to the Google Groups
"Google Caja Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
