1.16.11

[lwindolf]

This is a security bugfix.

Please urgently upgrade if you use Liferea with Reedah or TheOldReader sync!

If you use TinyTinyRSS sync please upgrade to fix a synching issue.

Security Issue with Reedah + TheOldReader sync support

Sadly there is a long-standing security bug causing unencrypted connections when fetching
feed content for those two backends. When doing such requests via http:// your auth token
got exposed and could allow malicious 3rd parties to manipulate your Reedah / TheOldReader
accounts.

Note: the login request itself (including) your password was not affected, still I advise to

• upgrade to the newest Liferea release 1.16.11 or 2.0-RC3
• verify your Reedah / TheOldReader subscriptions
• change your Reedah / TheOldReader password just to be safe

Changes

    * Fixes a long-standing security bug that caused unencrypted connection 
      when fetching feed content from Reedah and TheOldReader. Please upgrade
      and change your Reedah / TheOldReader password afterwards!
      (Lars Windolf)

    * Fixes #1528: TinyTinyRSS not working anymore due to Content-Encoding
      header not indicating JSON
      (Lars Windolf)

    * Fixes #1523: replace outdated feedburner URL in default feed list OPML
      (Lars Windolf)

---

This discussion was created from the release 1.16.11.