nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
diaspora/lib/postzord
History
Maxwell Salzberg 190fceaf5c [SECURITY FIX] please update your pod ASAP 
This is a fix for public messages, where a malicious pod could spoof a message from someone a user was connected to, as the verified signatures were not checked that the object was also from said sender.  This hole only affected public messages, and the private part of code had the correct checks
THX to s-f-s(Stephan Schulz) for reporting and tracking down this issue, and props to Raven24(florian.staudacher@gmx.at) for helping me test the patch
2012-07-02 10:00:12 -07:00
..
dispatcher dispatcher#post should not take opts 2012-01-26 13:24:53 -08:00
receiver [SECURITY FIX] please update your pod ASAP 2012-07-02 10:00:12 -07:00
dispatcher.rb Rails.root and File.join cleanup 2012-06-11 03:13:20 -07:00
receiver.rb [SECURITY FIX] please update your pod ASAP 2012-07-02 10:00:12 -07:00