Skip to content

Release v1.7.4 - Prevent bypassing YOURLS proxy URL filter

Latest
Latest
Compare
Choose a tag to compare
@github-actions github-actions released this 09 Jul 18:45
· 7 commits to master since this release
1.7.4
This tag was signed with the committer’s verified signature.
elrido El RIDO
GPG key ID: 0F5C940A6BD81F92
Learn about vigilant mode.
031bcef
This commit was signed with the committer’s verified signature.
elrido El RIDO
GPG key ID: 0F5C940A6BD81F92
Learn about vigilant mode.
  • CHANGED: Saving markdown pastes uses .md extension instead of .txt (#1293)
  • CHANGED: Enable strict type checking in PHP (#1350)
  • CHANGED: Various tweaks of the bootstrap5 template, suggested by the community
  • FIXED: Reset password input field on creation of new paste (#1194)
  • FIXED: Allow database schema upgrade to skip versions (#1343)
  • FIXED: bootstrap5 dark mode toggle unset on dark browser preference (#1340)
  • FIXED: Prevent bypassing YOURLS proxy URL filter, allowing to shorten non-self URLs

This release addresses an issue with the YOURLS proxy's filter that allowed it to shorten other URLs then the configured PrivateBin instance. This issue only affects instances that use the YOURLS URL-shortener proxy. More details on this issue can be found in the security advisory.

Assets 5
Loading
0 Join discussion