Update notices and History

1 parent 6fcbceb commit f49863f0dd5935f8c64cf17a9f15365eb6d4bef6 @estark37 estark37 committed Apr 30, 2014
Showing with 32 additions and 0 deletions.
  1. +14 −0 History.md
  2. +18 −0 scripts/admin/notices.json
14 History.md
@@ -1,5 +1,19 @@
## v.NEXT
+
+## v0.7.2.2
+
+* Fix a security flaw in OAuth1 and OAuth2 implementations. If you are
+ using any OAuth accounts packages (such as `accounts-google` or
+ `accounts-twitter`), we recommend that you update immediately and log
+ out your users' current sessions with the following MongoDB command:
+
+ $ db.users.update({}, { $set: { 'services.resume.loginTokens': [] } },
+ { multi: true });
+
+ OAuth redirect URLs are now required to be on the same origin as your app.
+
+
## v0.7.2.1
* Fix security flaw in OAuth1 implementation. Clients can no longer
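Review bot: The command in the v0.7.2.2 entry is introduced as a MongoDB command but is written with a `$ ` prefix, which reads as a system shell prompt and will not run if pasted as shown; drop the prefix or present it as mongo shell input. It would also help to say that the empty selector `{}` with `multi: true` clears `services.resume.loginTokens` for every user, so operators know all sessions end at once. The sentence "OAuth redirect URLs are now required to be on the same origin as your app." describes a behavior change that can affect existing apps, and it is easy to miss as a trailing continuation of the security bullet; give it its own bullet.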
18 scripts/admin/notices.json
@@ -92,6 +92,24 @@
"release": "0.7.1.2"
},
{
+ "release": "0.7.2"
+ },
+ {
+ "release": "0.7.2.1"
+ },
+ {
+ "release": "0.7.2.2",
+ "notices": [
+ "We closed a security hole in our OAuth client. If you are using",
+ "OAuth-based accounts (such as the `accounts-google` or",
+ "`accounts-twitter` packages), we recommend that you log out",
+ "all your users by running this command from a MongoDB shell:",
+ "",
+ " $ db.users.update({}, { $set: { 'services.resume.loginTokens': [] } },",
+ " { multi: true });"
+ ]
+ },
+ {
"release": "NEXT"
}
]
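Review bot: The 0.7.2.2 notice only tells users to log out all sessions; it leaves out the two other points the History.md entry makes, namely the recommendation to update immediately and the new requirement that OAuth redirect URLs be on the same origin as the app. Since this notice may be the only text some users read, add both, with the update step stated before the token reset. The command line in the notice carries the same `$ ` prefix while the text says to run it "from a MongoDB shell", so the prefix should go. The new `"release": "0.7.2.1"` entry has no `notices` even though History.md lists an OAuth1 security fix for that release; confirm that is intended.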
