Can we just replace gluon.contrib.markdown2.py or were there other changes? Trying to avoid an upgrade on my live sites.
On Sep 28, 4:42 pm, Massimo Di Pierro <[email protected]> wrote: > As you may know reddit.com was attacked recently. Today the explained > what happened: > > http://blog.reddit.com/2009/09/we-had-some-bugs-and-it-hurt-us.html > > They had two problems, one in their code and one in the markdown code. > The latter is the same library we include in web2py/gluon/contrib/ > markdown/markdown2.py. > > This means web2py code using the WIKI helper is vulnerable to a XSS > injection. > > This has been fixed in trunk and I also posted web2py 1.67.2 > > please upgrade immediately. > > The vulnerability will affect other frameworks that use markdown. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py-users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---
