A few vulnerabilities have been found in admin. One of them was serious and it made admin vulnerable to brute force password attacks under some conditions. They have been been fixed in version 2.14.6. If you expose admin publicly, we recommend you upgrade immediately.
Anyway, we remind everybody that it is not recommended to expose admin in production environments. Run it locally and connect to it using a ssh tunnel instead. Many takes to Narendra for funding and reporting the vulnerabilities, Leonel for fixing them, and Richard and Simone for adding many tests and fixing bugs. Massimo -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
