From 6db1f188647d766b189a52bfe4f3b2c87b7abcd8 Mon Sep 17 00:00:00 2001
From: zooko <>
Date: Fri, 24 Aug 2007 16:43:24 +0000
Subject: [PATCH] announce Tahoe v0.5.1
[Imported from Trac: page News, version 20]
---
News.md | 26 +++-----------------------
1 file changed, 3 insertions(+), 23 deletions(-)
diff --git a/News.md b/News.md
index 9e27d25..c454842 100644
--- a/News.md
+++ b/News.md
@@ -2,31 +2,11 @@
## Latest News
-### 2007-08-21 -- security flaw
+### 2007-08-23 -- Allmydata Tahoe v0.5.1 released!
-Nathan Wilcox has discovered that the new web API in allmydata-tahoe
-version 0.5 is vulnerable to XSRF attack. An XSRF -- or "Cross-Site
-Reference Forgery" attack -- is one in which an attacker creates an
-innocuous-looking hyperlink, and if a user clicks on that hyperlink
-then it causes deletion or theft of the user's data. We are working
-on a fix for this problem, and in the meantime if you have stored any
-private or precious data on a tahoe grid, then you can make sure that
-you are not exposed to this threat by shutting down your tahoe node
-before browsing the web.
+This fixes a security flaw in Tahoe v0.5.0.
-You can read more about the attack and our fix in the mailing list archves:
-
-
-
-and in this bug tracker ticket:
-
-
-
-### 2007-08-17 -- Allmydata Tahoe v0.5 released!
-
-This version adds a RESTful API allowing you to program your Tahoe node in the language of your choice, as well as a command-line API in the Unix style, and some performance improvements.
-
-Please see [the Release Notes]source:relnotes.txt@1129.
+Please see [the Release Notes]source:relnotes.txt@1154.
## Old News