Mailinglist Archive: opensuse-web (64 mails)
| < Previous | Next > |
[opensuse-web] openSUSE.org Security Alert
- From: "Matthew Ehle" <mehle@xxxxxxxxxx>
- Date: Fri, 04 Nov 2011 08:20:57 -0600
- Message-id: <4EB3A06902000044000D100E@novprvoes0310.provo.novell.com>
Hi Everyone,
Last night, we received an alert of a possible XSS or iFrame injection issue
somewhere on www.opensuse.org or one of the wikis. We temporarily redirected
the site and wikis to a maintenance page for about an hour while we assessed
the risk and impact of the alert. After learning a little more, we felt that
it was not a legitimate alert, and we brought the site back up. I am still
waiting on a full report, so that we can figure out what to do for a long term
solution.
As a precaution, I am working on an immediate upgrade path to the latest
version of Mediawiki and its plugins. I will also be working on upgrading
Apache to 2.2.21 on the www and wiki servers.
-Matt
| < Previous | Next > |