Skip to content
  • Home
  • Categories
  • Recent
  • Popular
  • World
  • Top
  • Tags
  • Users
  • Groups
  • Documentation
    • Home
    • Read API
    • Write API
    • Plugin Development
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo
v3.10.3 Latest
Buy Hosting
  1. Home
  2. NodeBB Development
  3. NodeBB 2.6.1 Security Update

NodeBB 2.6.1 Security Update

Scheduled Pinned Locked Moved NodeBB Development
security2.6.1
2 Posts 2 Posters 715 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • barisB Offline
    barisB Offline
    <baris> NodeBB
    wrote on last edited by
    #1

    A bug in our socket.io message parsing code can result in privilege escalation by sending a specially crafted socket.io call to the server.

    We have resolved this in the latest version of NodeBB(2.6.1), and the fix has already been rolled out as a patch on all of our hosted customers.

    The fix is included in the latest 2.6.1 release https://github.com/NodeBB/NodeBB/releases/tag/v2.6.1.

    If you are not able to upgrade to the latest release, you can also cherry-pick or apply this commit manually https://github.com/NodeBB/NodeBB/commit/48d143921753914da45926cca6370a92ed0c46b8

    We will update this post with a link to the CVE once its published.

    1 Reply Last reply
    2
    • julianJ Offline
      julianJ Offline
      julian NodeBB GNU/Linux
      wrote on last edited by
      #2

      The security advisory has now been published

      1 Reply Last reply
      1
      • barisB baris referenced this topic on
      • julianJ julian moved this topic from Announcements on

      Copyright © 2024 NodeBB | Contributors
      • Login
      • Don't have an account? Register
      • Login or register to search.
      Powered by NodeBB Contributors
      • First post
        Last post
      0
      • Home
      • Categories
      • Recent
      • Popular
      • World
      • Top
      • Tags
      • Users
      • Groups
      • Documentation
        • Home
        • Read API
        • Write API
        • Plugin Development