Important security update

TLDR; PadId was being broadcast to Read Only Clients.

Vileda discovered an issue where in certain conditions the pad ID of a user was being broadcast to users on a Rad Only Pad.

We fixed the issue within minutes of hearing about it (24 minutes to be precise).

You will need to checkout develop to get this security patch, we will be doing a major release soon-ish.

We will release specific details in a few weeks once everyone has patched up.


git checkout develop
git pull
/etc/init.d/etherpad-lite restart

Should be all you need for now.

Leave a comment

Your email address will not be published. Required fields are marked *

Follow

Get every new post on this blog delivered to your Inbox.

Join other followers: