Comments (3)
That seems reasonable, it was more that I saw an old version in my sandstorm with nothing documented.
This bug now seems like document enough to me, seems like I could close this and it will still be available for the curious?
from etherpad-lite.
@hammerandtongs We actually chatted a bit about this release on IRC.
- The first vulnerability is too new to apply to Etherpad for Sandstorm.
- The second, only applies to pads stored in one of four database types... but Etherpad for Sandstorm uses SQLite.
- And the third vulnerability does not apply to Sandstorm because Etherpad on Sandstorm only has a single pad with a predictable name in a given grain.
As far as I think those discussing it concluded, Etherpad on Sandstorm shouldn't be affected at all by this security release.
from etherpad-lite.
Note that on Sandstorm, the worst possible security vulnerability that Etherpad could have is one where a user who has been shared read-only access to a document is able to modify that document. On Sandstorm, it is impossible for a user to access any pad that you haven't shared with them.
That said, we should update the package. I'll try to find time next weekend...
from etherpad-lite.
Related Issues (20)
- Comment threads don't get updated correctly HOT 2
- Comments at end of long document are very hard to interact with HOT 1
- Comments are unusable at window widths < ~950 pixels HOT 1
- Migration from dirty.db seems to have bitrotted HOT 1
- Twitchy comment boxes under certain layouts HOT 1
- Missing authorship information HOT 3
- Include comment text in body of app activity events HOT 1
- Minor design quibble: Clicking in the comments box results in its background color changing HOT 2
- Restoring line numbers HOT 2
- Text can suddenly be trapped into a not-very-wide box for no apparent reason HOT 7
- Pad settings don't persist past a browser refresh HOT 5
- User profile icon doesn't display initially
- authorship misalignment HOT 3
- Doing Ctrl-B, then typing, doesn't result in bold text, despite ep_sticky_attributes HOT 2
- In Safari on a Mac, using keyboard arrow keys doesn't result in scrolling HOT 1
- Formatting works in "Read-Only" mode, but doesn't save. HOT 5
- Word count plugin
- Crashes completely on new firefox browser HOT 6
- Printing has no text on any but the first page HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from etherpad-lite.