Hi all, A low-grade security issue with Cartridge has been reported privately. We've fixed this issue and will publish a new version of Cartridge in approximately a week from now. The week is a grace period to allow developers and administrators of production Cartridge sites to apply the fix and ensure their sites are secure prior to the details being made public.
If you're a developer or administrator of a production Cartridge site, please subscribe to the private security mailing list where the details will be made available: https://groups.google.com/forum/#!forum/mezzanine-security *Please note:* you'll be asked to provide details of your production site before being added to the private list. A couple of reminders: - If you have a Mezzanine or Cartridge site, please subscribe to the security mailing list. It's extremely low traffic, but critical if you'r responsible for a Mezzanine or Cartridge site. - If you think you've come across a security issue, please do the right thing and first report it privately to [email protected] which allows us to go through the above process. -- Stephen McDonald http://jupo.org -- You received this message because you are subscribed to the Google Groups "Mezzanine Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
