Version 8 (modified by zooko, at 2007-09-23T13:50:35Z) (diff) |
---|
Old News
See also new News.
Archived News Items
2007-08-23 -- Allmydata Tahoe v0.5.1 released!
This fixes a security flaw in Tahoe v0.5.0.
Please see the Release Notes.
2007-08-21 -- security flaw
Nathan Wilcox has discovered that the new web API in allmydata-tahoe version 0.5 is vulnerable to XSRF attack. An XSRF -- or "Cross-Site Reference Forgery" attack -- is one in which an attacker creates an innocuous-looking hyperlink, and if a user clicks on that hyperlink then it causes deletion or theft of the user's data. We are working on a fix for this problem, and in the meantime if you have stored any private or precious data on a tahoe grid, then you can make sure that you are not exposed to this threat by shutting down your tahoe node before browsing the web.
You can read more about the attack and our fix in the mailing list archves:
http://allmydata.org/pipermail/tahoe-dev/
and in this bug tracker ticket:
http://allmydata.org/trac/tahoe/ticket/98
2007-08-17 -- Allmydata Tahoe v0.5 is released.
release announcement and discussion
2007-06-29 -- Allmydata Tahoe v0.4 is released.
release announcment and discussion
2007-06-11 -- Allmydata Tahoe v0.3 is released.
release announcement and discussion