Skip to content
  • NodeBB 2.8.7 Security Update

    NodeBB Development
    1
    2 Votes
    1 Posts
    288 Views
    barisB
    A bug in our message parsing code can result in remote code execution. Affected versions >=2.5.0 <2.8.7 We have resolved this in the latest version of NodeBB(2.8.7), and the fix has already been rolled out as a patch on all of our hosted customers. The fix is included in the latest 2.8.7 release https://github.com/NodeBB/NodeBB/releases/tag/v2.8.7. If you are not able to upgrade to the latest release, you can also cherry-pick or apply this commit manually https://github.com/NodeBB/NodeBB/commit/ec58700f6dff8e5b4af1544f6205ec362b593092