2.8.13

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

B

NodeBB 2.8.13 & 3.1.3 Security Releases
Watching Ignoring Scheduled Pinned Locked Moved NodeBB Development security 2.8.13 3.1.3
1

4 Votes

1 Posts

304 Views

B

A bug in our socket.io authentication code can result in Cross-Site WebSocket Hijacking (CSWSH) Affected versions <2.8.13 & <3.1.3 We have resolved this in the latest version of NodeBB(2.8.13 & 3.1.3), and the fix has already been rolled out as a patch on all of our hosted customers. The fix is included in the latest 2.8.13 & 3.1.3 releases https://github.com/NodeBB/NodeBB/releases/tag/v2.8.13 https://github.com/NodeBB/NodeBB/releases/tag/v3.1.3

NodeBB 2.8.13 & 3.1.3 Security Releases