9.13 RELEASE

@zeruniverse zeruniverse released this 04 Feb 16:37
· 232 commits to master since this release

Security update (commit 9898201):

  • Separated controller and view (all HTML output is now free from program logic). This makes the code more readable. It should now be easier to spot security issues and write clean code.
  • Separated JavaScript from HTML. This partly belongs to the first point, but I list it separately because it allows us to introduce a Content-Security-Policy, which should remove any threat of Cross-Site Scripting.
  • Introduced the X-Frame-Options header to prevent clickjacking.
  • Fixed a small information disclosure vulnerability (finding out which users exist).
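
An added example, not code from this project: a small Python audit of the two properties the security items above rely on, namely that pages carry no inline script (so a Content-Security-Policy without 'unsafe-inline' can be enforced) and that responses send the CSP and X-Frame-Options headers. The sample pages, the file name js/login.js and the header values are constructed for illustration.

```python
from html.parser import HTMLParser

class InlineScriptFinder(HTMLParser):
    """Collects markup that a CSP without 'unsafe-inline' refuses to execute."""
    def __init__(self):
        super().__init__()
        self.findings, self._inline = [], False

    def handle_starttag(self, tag, attrs):
        self._inline = tag == "script" and "src" not in dict(attrs)
        for name, value in attrs:
            if name.startswith("on"):  # onclick, onload, ...
                self.findings.append(f"<{tag}> inline handler {name}")
            elif (value or "").strip().lower().startswith("javascript:"):
                self.findings.append(f"<{tag}> javascript: URL in {name}")

    def handle_data(self, data):
        if self._inline and data.strip():  # non-empty body of a <script> without src
            self.findings.append("inline <script> body")
            self._inline = False

    def handle_endtag(self, tag):
        self._inline = False

def find_inline(html):
    finder = InlineScriptFinder()
    finder.feed(html)
    return finder.findings

def audit_headers(headers):
    """Returns problems with the CSP and X-Frame-Options response headers."""
    h = {k.lower(): v for k, v in headers.items()}
    directives = {}
    for part in h.get("content-security-policy", "").split(";"):
        tokens = part.split()
        if tokens:  # first occurrence of a directive wins, as in the CSP spec
            directives.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    script_src = directives.get("script-src", directives.get("default-src"))
    problems = []
    if script_src is None:
        problems.append("no script-src/default-src: inline script still runs")
    elif "'unsafe-inline'" in script_src:
        problems.append("script-src allows 'unsafe-inline'")
    if h.get("x-frame-options", "").strip().upper() not in ("DENY", "SAMEORIGIN"):
        problems.append("X-Frame-Options missing or not DENY/SAMEORIGIN")
    return problems

# Constructed samples: logic mixed into the view vs. script moved to its own file.
BEFORE_HTML = '<body><script>var u = "x";</script><button onclick="login()">Go</button></body>'
AFTER_HTML = '<head><script src="js/login.js"></script></head><body><button id="go">Go</button></body>'
AFTER_HEADERS = {"Content-Security-Policy": "default-src 'self'", "X-Frame-Options": "DENY"}
```

Any finding from `find_inline` marks markup that would stop working once the policy is enforced, which is why the JavaScript has to leave the HTML before the header is introduced.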

Bug fix:

  • Fixed the 'session timed out' problem at first login (due to the missing ServerRenew cookie).