3.1.3

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

B

NodeBB 2.8.13 & 3.1.3 Security Releases
Scheduled Pinned Locked Moved NodeBB Development security 2.8.13 3.1.3
1

4 Votes

1 Posts

228 Views

B

A bug in our socket.io authentication code can result in Cross-Site WebSocket Hijacking (CSWSH)

Affected versions <2.8.13 & <3.1.3

We have resolved this in the latest version of NodeBB(2.8.13 & 3.1.3), and the fix has already been rolled out as a patch on all of our hosted customers.

The fix is included in the latest 2.8.13 & 3.1.3 releases
https://github.com/NodeBB/NodeBB/releases/tag/v2.8.13
https://github.com/NodeBB/NodeBB/releases/tag/v3.1.3

NodeBB 2.8.13 & 3.1.3 Security Releases