Hi everyone. DL 0.9.1 is available to download, and fixes a grave security issue for people that use the built-in authorization mechanism (if you see the DL login form you are affected). Upgrade is highly recommended.
I've discovered this sloppy mistake on the 31th December, and thus decided to delay the public announcement until holidays were over. Sorry for the inconvenience. dl 0.9.1: 31/12/2011 -------------------- * Fixed a grave security issue: unauthorized parties can perform login as any arbitrary user when using the built-in authentication mechanism by supplying an authorization header. DL versions down to 0.3 are affected. http://www.thregr.org/~wavexx/software/dl/releases/dl-0.9.1.zip
