5.7.4 fixes a bug introduced in 5.7.3, in which the list_running_servers() function attempts to parse HTML files as JSON, and consequently crashes.

5.7.3 contains one security improvement and one security fix:

- Launch the browser with a local file which redirects to the server address including the authentication token. This prevents another logged-in user from stealing the token from command line arguments and authenticating to the server. The single-use token previously used to mitigate this has been removed. Thanks to Dr. Owain Kenway for suggesting the local file approach.
- Upgrade bootstrap to 3.4, fixing an XSS vulnerability, which has been assigned CVE-2018-14041.

- ALTERNATIVES
- DESCR
- distinfo
- Makefile
- PLIST