Hi all, A low-grade security issue with Cartridge has been reported privately. We've fixed this issue and will publish a new version of Cartridge in approximately a week from now. The week is a grace period to allow developers and administrators of production Cartridge sites to apply the fix and ensure their sites are secure prior to the details being made public.
If you're a developer or administrator of a production Cartridge site, please subscribe to the private security mailing list where the details will be made available: https://groups.google.com/forum/#!forum/mezzanine-security *Please note:* you'll be asked to provide details of your production site before being added to the private list. A couple of reminders: - If you have a Mezzanine or Cartridge site, please subscribe to the security mailing list. It's extremely low traffic, but critical if you'r responsible for a Mezzanine or Cartridge site. - If you think you've come across a security issue, please do the right thing and first report it privately to core-t...@mezzaninecms.com which allows us to go through the above process. -- Stephen McDonald http://jupo.org -- You received this message because you are subscribed to the Google Groups "Mezzanine Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to mezzanine-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
