announce Tahoe v0.5.1
[Imported from Trac: page News, version 20]
zooko
parent
eb2303f08c
commit
6db1f18864
26
News.md
26
News.md
|
|
@ -2,31 +2,11 @@
|
||||||
|
|
||||||
## Latest News
|
## Latest News
|
||||||
|
|
||||||
### 2007-08-21 -- security flaw
|
### 2007-08-23 -- Allmydata Tahoe v0.5.1 released!
|
||||||
|
|
||||||
Nathan Wilcox has discovered that the new web API in allmydata-tahoe
|
This fixes a security flaw in Tahoe v0.5.0.
|
||||||
version 0.5 is vulnerable to XSRF attack. An XSRF -- or "Cross-Site
|
|
||||||
Reference Forgery" attack -- is one in which an attacker creates an
|
|
||||||
innocuous-looking hyperlink, and if a user clicks on that hyperlink
|
|
||||||
then it causes deletion or theft of the user's data. We are working
|
|
||||||
on a fix for this problem, and in the meantime if you have stored any
|
|
||||||
private or precious data on a tahoe grid, then you can make sure that
|
|
||||||
you are not exposed to this threat by shutting down your tahoe node
|
|
||||||
before browsing the web.
|
|
||||||
|
|
||||||
You can read more about the attack and our fix in the mailing list archves:
|
Please see [the Release Notes]source:relnotes.txt@1154.
|
||||||
|
|
||||||
<http://allmydata.org/pipermail/tahoe-dev/>
|
|
||||||
|
|
||||||
and in this bug tracker ticket:
|
|
||||||
|
|
||||||
<http://allmydata.org/trac/tahoe/ticket/98>
|
|
||||||
|
|
||||||
### 2007-08-17 -- Allmydata Tahoe v0.5 released!
|
|
||||||
|
|
||||||
This version adds a RESTful API allowing you to program your Tahoe node in the language of your choice, as well as a command-line API in the Unix style, and some performance improvements.
|
|
||||||
|
|
||||||
Please see [the Release Notes]source:relnotes.txt@1129.
|
|
||||||
|
|
||||||
## Old News
|
## Old News
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue