Version 7 (modified by zooko, at 2007-08-24T16:42:34Z) (diff)


Old News

See also new News.

Archived News Items

2007-08-21 -- security flaw

Nathan Wilcox has discovered that the new web API in allmydata-tahoe version 0.5 is vulnerable to XSRF attack. An XSRF -- or "Cross-Site Reference Forgery" attack -- is one in which an attacker creates an innocuous-looking hyperlink, and if a user clicks on that hyperlink then it causes deletion or theft of the user's data. We are working on a fix for this problem, and in the meantime if you have stored any private or precious data on a tahoe grid, then you can make sure that you are not exposed to this threat by shutting down your tahoe node before browsing the web.

You can read more about the attack and our fix in the mailing list archves:

and in this bug tracker ticket:

2007-08-17 -- Allmydata Tahoe v0.5 is released.

release announcement and discussion

2007-06-29 -- Allmydata Tahoe v0.4 is released.

release announcment and discussion

2007-06-11 -- Allmydata Tahoe v0.3 is released.

release announcement and discussion

2007-02-02 -- Allmydata Tahoe v0.2 is released.

release announcement and discussion