Critical Security Update

Yesterday we discovered a bug that allowed malformed URLs to crash Etherpad Lite. We published a patch yesterday to develop and released 1.1.3 today for general consumption.

Please note these bugs have existed in Etherpad Lite since we adopted the express framework so it is important you update today.

Please “git pull” or head over and click download to get the latest version.


Note: Online activists and ISP’s stopped the attack from spreading too wildly by disabling the internet connectivity of the attacker. Whilst we can’t promote this type of activity it did help and our thanks goes out to them.