= Old News =

See also [wiki:News new News].

== Archived News Items ==

=== 2007-08-21 -- security flaw ===

Nathan Wilcox has discovered that the new web API in allmydata-tahoe
version 0.5 is vulnerable to XSRF attack.  An XSRF -- or "Cross-Site
Reference Forgery" attack -- is one in which an attacker creates an 
innocuous-looking hyperlink, and if a user clicks on that hyperlink 
then it causes deletion or theft of the user's data.  We are working 
on a fix for this problem, and in the meantime if you have stored any 
private or precious data on a tahoe grid, then you can make sure that 
you are not exposed to this threat by shutting down your tahoe node
before browsing the web. 

You can read more about the attack and our fix in the mailing list archves:

http://allmydata.org/pipermail/tahoe-dev/

and in this bug tracker ticket:

http://allmydata.org/trac/tahoe/ticket/98

=== 2007-08-17 -- Allmydata Tahoe v0.5 is released. ===

[http://lists.zooko.com/pipermail/p2p-hackers/2007-August/001209.html release announcement and discussion]

=== 2007-06-29 -- Allmydata Tahoe v0.4 is released. ===

[http://lists.zooko.com/pipermail/p2p-hackers/2007-June/001124.html release announcment and discussion]

=== 2007-06-11 -- Allmydata Tahoe v0.3 is released. ===

[http://lists.zooko.com/pipermail/p2p-hackers/2007-June/001074.html release announcement and discussion]

=== 2007-02-02 -- Allmydata Tahoe v0.2 is released. ===

[http://lists.zooko.com/pipermail/p2p-hackers/2007-May/001041.html release announcement and discussion]