On Monday, May 9, 2016 at 5:31:38 PM UTC-7, Massimo Di Pierro wrote:
>
> A few vulnerabilities have been found in admin. One of them was serious
> and it made admin vulnerable to brute force password attacks under some
> conditions.
> They have been fixed in version 2.14.6. If you expose admin publicly,
> we recommend you upgrade immediately.
>
> Anyway, we remind everybody that it is not recommended to expose admin in
> production environments. Run it locally and connect to it using an ssh
> tunnel instead.
>
> Many thanks to Narendra for funding and reporting the vulnerabilities,
> Leonel for fixing them, and Richard and Simone for adding many tests and
> fixing bugs.
>

I've updated one of my instances so far, using the update button on the sites (admin) page, and that seems to have gone okay. I'll be updating additional sites soon, with more verification.
/dps

