diaspora* security release and

26 January 2016

We just released diaspora* version and which fixes

  • CVE-2016-0751 - Possible Object Leak and Denial of Service attack in Action Pack
  • CVE-2015-7581 - Object leak vulnerability for wildcard controller routes in Action Pack
  • CVE-2015-7576 - Timing attack vulnerability in basic authentication in Action Controller
  • CVE-2016-0752 - Possible Information Leak Vulnerability in Action View
  • CVE-2016-0753 - Possible Input Validation Circumvention in Active Model
  • CVE-2015-7577 - Nested attributes rejection proc bypass in Active Record
  • CVE-2015-7579 - XSS vulnerability in rails-html-sanitizer
  • CVE-2015-7578 - Possible XSS vulnerability in rails-html-sanitizer

The hotfix-hotfix fixes a regression that was caused by one of the security fixes and that we did not notice at first.


Please update as soon as possible. Update instructions are available as usual in the wiki.