A vulnerability has been found in RESTBase v0.9.1 and earlier that
allowed attackers to read arbitrary files on the host system by
passing a specially crafted URL. This vulnerability has been fixed in
[1].
All RESTBase users are strongly encouraged to upgrade to v0.9.2
immediately. Files readable
Hello,
Just a clarification: MediaWiki-Vagrant~[1] users should run `vagrant
git-update` to update to the latest version. This is especially relevant
for users running it on publicly-accessible hosts and having any of the
following roles enabled:
- visualeditor
- restbase
- parsoid
Cheers,