Full release notes and download are here: https://github.com/zotonic/zotonic/releases/tag/0.43.0 <https://github.com/zotonic/zotonic/releases/tag/0.43.0>
- Marc > On 21 Dec 2018, at 14:40, Marc Worrell <m...@worrell.nl> wrote: > > Hi, > > We have released 0.43.0. > > This includes security fixes and the changes mentioned below > > NOTE: If you have a blog site derived from the skel/blog then replace the > archives.tpl file in your site with the one provided in > priv/skel/blog/archives.tpl > > This also fixes a reflected XSS problem in the admin. > > We request people to update their 0.x installation to 0.43 to mitigate this > problem. > > Main changes are: > > * Allowed uploadable files in mod_acl_user_groups are now configurable > * Security fixes for reflected XSS in the admin and skel/blog/archives.tpl > * Hardened HTTP headers for securing Zotonic sessions and requests > * mod_twitter now uses polling for fetching tweets, stopped using deprecated > streaming API > > > ## Compatibility > > If you include a page of your site inside a frame on another site, then set > the ``allow_frame`` > option on the affected dispatch rule. > > > Regards from the Zotonic core team, > > Marc Worrell > > -- > > --- > You received this message because you are subscribed to the Google Groups > "Zotonic developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to zotonic-developers+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- --- You received this message because you are subscribed to the Google Groups "Zotonic developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to zotonic-developers+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
