Page MenuHomePhabricator

Etherpad 1.6.3 security release
Closed, ResolvedPublic

Description mentions three security issues:

"SECURITY: Update ejs"
"SECURITY: xss vulnerability when reading window.location.href" is
"SECURITY: sanitize jsonp" is

Event Timeline

Mentioned in SAL (#wikimedia-operations) [2018-02-09T15:47:28Z] <akosiaris> upload etherpad-lite 1.6.3-1 to T186866

Mentioned in SAL (#wikimedia-operations) [2018-02-09T15:49:14Z] <akosiaris> upgrade to 1.6.3-1 T186866

akosiaris claimed this task. has been updated. We should now be safe from these vulns, resolving.