[OOD-users] Open OnDemand 2.0.17 security release
Ohrstrom, Jeffrey G.
johrstrom at osc.edu
Tue Oct 5 16:22:06 EDT 2021
Hi,
Open OnDemand 2.0.17 has been released with a security fix for SVGs. SVG files may contain malicious javascript, so now OnDemand will force the file to download instead of opening a preview to be executed within your site's domain.
Sites should upgrade from 2.0.16 as soon as they can.
- Jeff Ohrstrom
Open OnDemand core dev team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osu.edu/pipermail/ood-users/attachments/20211005/6b7cfea1/attachment.html>
More information about the OOD-users
mailing list