Hello everybody, a new update of Overpass API is available. As this fixes a security issue, I strongly encourage you to install the fix right now. The release is as usual available via https://dev.overpass-api.de/releases/ resp. https://dev.overpass-api.de/releases/osm-3s_v0.7.55.7.tar.gz The public servers have already been updated.
The issue is XSS, i.e. you can place arbitrary HTML such that it appears to originate from the Overpass server by sending a crafted request to the server. No personal data has been leaked because Overpass servers do not process any. No attack in the wild is known so far. Details will follow in a couple of days. I would like to thank the people that have reported the vulnerability. Best regards, Roland _______________________________________________ dev mailing list dev@openstreetmap.org https://lists.openstreetmap.org/listinfo/dev
