2.8.7

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

B

NodeBB 2.8.7 Security Update
Scheduled Pinned Locked Moved NodeBB Development security 2.8.7
1

2 Votes

1 Posts

240 Views

B

A bug in our message parsing code can result in remote code execution.

Affected versions >=2.5.0 <2.8.7

We have resolved this in the latest version of NodeBB(2.8.7), and the fix has already been rolled out as a patch on all of our hosted customers.

The fix is included in the latest 2.8.7 release https://github.com/NodeBB/NodeBB/releases/tag/v2.8.7.

If you are not able to upgrade to the latest release, you can also cherry-pick or apply this commit manually https://github.com/NodeBB/NodeBB/commit/ec58700f6dff8e5b4af1544f6205ec362b593092

NodeBB 2.8.7 Security Update