[erlang-questions] [ANN] Zotonic 0.43 - with security fixes

Marc Worrell marc@REDACTED
Fri Dec 21 14:41:47 CET 2018


Hi,

Zotonic is the Erlang Content Management System and Web Framework.

We have released 0.43.0.

This includes security fixes and the changes mentioned below 

NOTE: If you have a blog site derived from the skel/blog then replace the
archives.tpl file in your site with the one provided in priv/skel/blog/archives.tpl

This also fixes a reflected XSS problem in the admin.

We request people to update their 0.x installation to 0.43 to mitigate this problem.

Main changes are:

 * Allowed uploadable files in mod_acl_user_groups are now configurable
 * Security fixes for reflected XSS in the admin and skel/blog/archives.tpl
 * Hardened HTTP headers for securing Zotonic sessions and requests
 * mod_twitter now uses polling for fetching tweets, stopped using deprecated streaming API


## Compatibility

If you include a page of your site inside a frame on another site, then set the ``allow_frame``
option on the affected dispatch rule.


Download and full release notes are here:

https://github.com/zotonic/zotonic/releases/tag/0.43.0


Regards from the Zotonic core team,

Marc Worrell




More information about the erlang-questions mailing list