Important security update

TLDR; PadId was being broadcast to Read Only Clients.

Vileda discovered an issue where in certain conditions the pad ID of a user was being broadcast to users on a Rad Only Pad.

We fixed the issue within minutes of hearing about it (24 minutes to be precise).

You will need to checkout develop to get this security patch, we will be doing a major release soon-ish.

We will release specific details in a few weeks once everyone has patched up.


git checkout develop
git pull
/etc/init.d/etherpad-lite restart

Should be all you need for now.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>