[erlang-questions] [ANN] Zotonic 0.43 - with security fixes
Marc Worrell
marc@REDACTED
Fri Dec 21 14:41:47 CET 2018
Hi,
Zotonic is the Erlang Content Management System and Web Framework.
We have released 0.43.0.
This includes security fixes and the changes mentioned below.
NOTE: If you have a blog site derived from the skel/blog then replace the
archives.tpl file in your site with the one provided in priv/skel/blog/archives.tpl.
This also fixes a reflected XSS problem in the admin.
We request people to update their 0.x installation to 0.43 to mitigate this problem.
Main changes are:
* Allowed uploadable files in mod_acl_user_groups are now configurable
* Security fixes for reflected XSS in the admin and skel/blog/archives.tpl
* Hardened HTTP headers for securing Zotonic sessions and requests
* mod_twitter now uses polling for fetching tweets, stopped using deprecated streaming API
## Compatibility
If you include a page of your site inside a frame on another site, then set the ``allow_frame``
option on the affected dispatch rule.
Download and full release notes are here:
https://github.com/zotonic/zotonic/releases/tag/0.43.0
Regards from the Zotonic core team,
Marc Worrell