[ANN] Zotonic 0.43 - with security fixes

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[ANN] Zotonic 0.43 - with security fixes

Marc Worrell

Zotonic is the Erlang Content Management System and Web Framework.

We have released 0.43.0.

This includes security fixes and the changes mentioned below

NOTE: If you have a blog site derived from the skel/blog then replace the
archives.tpl file in your site with the one provided in priv/skel/blog/archives.tpl

This also fixes a reflected XSS problem in the admin.

We request people to update their 0.x installation to 0.43 to mitigate this problem.

Main changes are:

 * Allowed uploadable files in mod_acl_user_groups are now configurable
 * Security fixes for reflected XSS in the admin and skel/blog/archives.tpl
 * Hardened HTTP headers for securing Zotonic sessions and requests
 * mod_twitter now uses polling for fetching tweets, stopped using deprecated streaming API

## Compatibility

If you include a page of your site inside a frame on another site, then set the ``allow_frame``
option on the affected dispatch rule.

Download and full release notes are here:


Regards from the Zotonic core team,

Marc Worrell

erlang-questions mailing list
[hidden email]