Buy Hosting

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

NodeBB v1.14.3: A Critical Security Update

Moved NodeBB Blog

1 Posts 1 Posters 1.0k Views

P Offline

P Offline
psychobunny
wrote on last edited by psychobunny

#1

A bug in our validation logic made it possible to change the password of any user on a running NodeBB forum by sending a specially crafted socket.io call to the server.

We have resolved this in the latest version of NodeBB, and the fix has already been rolled out as a patch on all of our hosted customers.

For more information on the vulnerability as well as instructions on how to resolve this issue, please have a look here: https://github.com/NodeBB/NodeBB/security/advisories/GHSA-hr66-c8pg-5mg7

Click here to see the full blog post
1 Reply Last reply
10
J julian moved this topic from Announcements on

Suggested Topics

J

NodeBB v1.18.0 - Hanging Tough With A New Release
Scheduled Pinned Locked Moved NodeBB Blog

3 Votes

1 Posts

278 Views

J

Click here to see the full blog post
J

NodeBB v1.17.0 - Scheduled Topics, New Moderation Features and More
Scheduled Pinned Locked Moved NodeBB Blog

5 Votes

5 Posts

615 Views

F

Thank you 👍
J

NodeBB 1.15.0 - Home Again But Still Hard At Work
Scheduled Pinned Locked Moved NodeBB Blog

2 Votes

3 Posts

531 Views

J

@crazycells @psychobunny is more well versed with this, but the only real functional difference is that it likely loads a bit faster now (at least, after the first load) because a lot of the pages are cached.

Before, it would reload the page just like you were visiting in a browser.

We don't support natively things like notifications yet, but it is a step in the right direction 🙂
P

NodeBB Plugin & Theme Contest Bonanza 2014
Scheduled Pinned Locked Moved NodeBB Blog

6 Votes

60 Posts

39k Views

T

@trevor said:

By next year, I hope there is some type of competition as far as themes go, I'll just stand on the sidelines while Tanner collects his prizes! Next year (if we do this again) I won't let such an easy win slip by like that again... Congrats Tanner, you've earned it. 🙂

And Technowix that sounds like an excuse lol.

You'd better not sit on the sidelines next time. Looking forward to the challenge! 😛
P

NodeBB v0.3.1 Released
Scheduled Pinned Locked Moved NodeBB Blog

0 Votes

5 Posts

2k Views

J

@trevor bugfixed already now 🙂

NodeBB v1.14.3: A Critical Security Update

Suggested Topics

NodeBB v1.18.0 - Hanging Tough With A New Release

NodeBB v1.17.0 - Scheduled Topics, New Moderation Features and More

NodeBB 1.15.0 - Home Again But Still Hard At Work

NodeBB Plugin & Theme Contest Bonanza 2014

NodeBB v0.3.1 Released