[OOD-users] Open OnDemand 2.0.18 security release
Ohrstrom, Jeffrey G.
johrstrom at osc.edu
Wed Oct 6 13:13:15 EDT 2021
I'm terribly sorry to do this, but 2.0.17 released yesterday was only a partial fix for insecure svg files.
2.0.17 incorrectly previewed files with extension .SVG (all caps) or a mix of capitalization and lowercase (like .SvG). 2.0.18 now treats all svg extensions the same - forcing the browser to download the file instead of previewing it.
Sites should update to 2.0.18 to ensure their customers don't open malicious svg files within their site's context.
- Jeff Ohrstrom
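
The gap described in the message above, as an added example: this is not Open OnDemand source code, and every name in it is hypothetical. It assumes downloads are forced with a Content-Disposition: attachment header, and it goes one step beyond the message by using an allowlist so that unknown extensions also download.

```ruby
# Added illustration; not Open OnDemand source. All names are hypothetical.

# Extensions allowed to render inline. SVG is deliberately absent: an SVG
# can carry script that runs in the origin of the site serving it.
INLINE_SAFE = %w[.png .jpg .jpeg .gif .txt .pdf].freeze

# Flawed check of the kind described above: it compares the raw extension,
# so ".SVG" or ".SvG" does not match and the file is still previewed.
def disposition_case_sensitive(filename)
  File.extname(filename) == ".svg" ? "attachment" : "inline"
end

# Hardened check: normalize case first, then permit inline rendering only
# for the allowlist. Everything else, including any svg spelling, downloads.
def disposition_normalized(filename)
  ext = File.extname(filename.to_s).downcase
  INLINE_SAFE.include?(ext) ? "inline" : "attachment"
end

# Header value a file-serving action would send (assumed mechanism).
# Quotes, backslashes and line breaks are replaced so the name cannot
# break out of the quoted filename parameter.
def content_disposition_header(filename)
  safe_name = File.basename(filename.to_s).gsub(/["\r\n\\]/, "_")
  "#{disposition_normalized(filename)}; filename=\"#{safe_name}\""
end

# Constructed sample filenames.
SAMPLES = %w[plot.svg plot.SVG plot.SvG photo.PNG notes.txt archive.tar.gz].freeze

# Returns [name, flawed result, hardened result] for each sample.
def compare(samples = SAMPLES)
  samples.map { |f| [f, disposition_case_sensitive(f), disposition_normalized(f)] }
end

if __FILE__ == $PROGRAM_NAME
  compare.each { |f, weak, strong| puts format("%-16s flawed=%-10s hardened=%s", f, weak, strong) }
end
```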