Mailinglist Archive: opensuse-web (64 mails)

< Previous Next >
Re: [opensuse-web] openSUSE.org Security Alert
On 11/04/2011 03:20 PM, Matthew Ehle wrote:

Hi Everyone,

Last night, we received an alert of a possible XSS or iFrame injection issue
somewhere on www.opensuse.org or one of the wikis. We temporarily redirected
the site and wikis to a maintenance page for about an hour while we assessed
the risk and impact of the alert. After learning a little more, we felt that
it was not a legitimate alert, and we brought the site back up. I am still
waiting on a full report, so that we can figure out what to do for a long
term solution.

As a precaution, I am working on an immediate upgrade path to the latest
version of Mediawiki and its plugins. I will also be working on upgrading
Apache to 2.2.21 on the www and wiki servers.

-Matt


Thanks Matt.

One day, someone should also have a look at the lizards.opensuse.org wordpress
instance.
Which start to be quite outdated now.


--

Bruno Friedmann
Ioda-Net Sàrl www.ioda-net.ch

openSUSE Member & Ambassador
GPG KEY : D5C9B751C4653227
irc: tigerfoot
--
To unsubscribe, e-mail: opensuse-web+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-web+owner@xxxxxxxxxxxx

< Previous Next >
List Navigation
Follow Ups
References