There is an XSS vulnerability in instiki .11, if you aren't running the very latest release. I'm not sure why there hasn't been an announcement to this list about the issue, as if you *aren't* running .11p1 then you are vulnerable. Note that .11p1 was released today, Feb. 27.
If you go to instiki.org you can see a javascript popup, which illustrates the flaw nicely and points you to a description of the flaw: http://golem.ph.utexas.edu/~distler/blog/archives/001181.html Does anyone know if this also effects i2? Here is a link to p1 if you want to update your instiki installation: http://rubyforge.org/frs/shownotes.php?release_id=10014 - Rob _______________________________________________ Instiki-users mailing list [email protected] http://rubyforge.org/mailman/listinfo/instiki-users
