As you may know, reddit.com was attacked recently. Today they explained
what happened:

http://blog.reddit.com/2009/09/we-had-some-bugs-and-it-hurt-us.html

They had two problems, one in their code and one in the markdown code.
The latter is the same library we include in
web2py/gluon/contrib/markdown/markdown2.py.

This means web2py code using the WIKI helper is vulnerable to an XSS
injection.

This has been fixed in trunk and I also posted web2py 1.67.2.

Please upgrade immediately.

The vulnerability will affect other frameworks that use markdown.
