Critical Security Update

Yesterday we discovered a bug that allowed malformed URLs to crash Etherpad Lite. We published a patch yesterday to develop and released 1.1.3 today for general consumption.

Please note these bugs have existed in Etherpad Lite since we adopted the express framework so it is important you update today.

Please “git pull” or head over etherpad.org and click download to get the latest version.

Thanks!

Note: Online activists and ISP’s stopped the attack from spreading too wildly by disabling the internet connectivity of the attacker. Whilst we can’t promote this type of activity it did help and our thanks goes out to them.

Join the Conversation

2 Comments

  1. Hi,

    FIY, the etherpad.org link in the article is broken (not too serious), and the current Etherpad Lite for Windows link in the Download menu is broken too (maybe more serious).

Leave a comment

Your email address will not be published. Required fields are marked *