535 contains a real fix. Everything was being handled through GET forms. Including shutting down the node, and worse things. *Please upgrade*!
It is still possible for a prefetching browser or an attacker to unload a plugin. But that should be the only remaining vulnerability, and it will be fixed soon. On Tue, Mar 14, 2006 at 12:48:59AM +0000, Matthew Toseland wrote: > If you are using the alphatest 0.7, please upgrade to version 534 as > soon as possible, and do not use it until you can do so. > > 534 puts a temporary patch in for a serious security flaw discovered in > the alpha. > > A real fix will be included very soon. -- Matthew J Toseland - toad at amphibian.dyndns.org Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/tech/attachments/20060314/ccd5d6d6/attachment.pgp>
