Releases

  • 2.2.1

    neil 4 weeks ago | 3 commits to master since this release

    Security

    • f4b3753e27 : Fixing XSS vulnerability on the link administration page due to bad URL sanitization. NB: The main instance (s.42l.fr) is not affected by this issue thanks to the CSP header, which forbids JavaScript execution on the page.

    Thanks to polyedre for reporting the issue.

    Fixes

    • a5028ec515 : Links are now trimmed before being saved in database.
    • f4d2edb4ad : The hoster logo now displays correctly on phishing page.