Full release notes and download are here: https://github.com/zotonic/zotonic/releases/tag/0.43.0
- Marc

> On 21 Dec 2018, at 14:40, Marc Worrell <[email protected]> wrote:
>
> Hi,
>
> We have released 0.43.0.
>
> This includes security fixes and the changes mentioned below
>
> NOTE: If you have a blog site derived from the skel/blog then replace the
> archives.tpl file in your site with the one provided in
> priv/skel/blog/archives.tpl
>
> This also fixes a reflected XSS problem in the admin.
>
> We request people to update their 0.x installation to 0.43 to mitigate this
> problem.
>
> Main changes are:
>
> * Allowed uploadable files in mod_acl_user_groups are now configurable
> * Security fixes for reflected XSS in the admin and skel/blog/archives.tpl
> * Hardened HTTP headers for securing Zotonic sessions and requests
> * mod_twitter now uses polling for fetching tweets, stopped using deprecated
>   streaming API
>
> ## Compatibility
>
> If you include a page of your site inside a frame on another site, then set
> the ``allow_frame`` option on the affected dispatch rule.
>
> Regards from the Zotonic core team,
>
> Marc Worrell
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "Zotonic developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
