v2.4.13 – new security release

May 2, 2011 by: oyvind.kinsey

v2.4.13 has just been released which removes some vulnerabilities discovered that could be used for an XSS-attack.

This release, and specifically the new FlashTransport has now been audited by a member of the Google Security-team, and we are quite confident in its level of security.
So, update as soon as possible.
Announcement group
A new group, easxdm-announce, has now been created that will be used for important announcements such as discovered security issues and new releases.
Only select members are allowed to post to this, and so it will be ‘spam-free’ – please subscribe to this list in order to stay up-to-date.
Filed under: Blog
Tags: , ,
  • Kexkey

    Hi,

    Thanks for the fast update about MS security patch! We unfortunately still have to develop for IE6.

    I tried the last easyXDM version and it doesn’t work for us. I think there’s a problem when the consumer’s port number is not 80. I haven’t tried port 443.

    I modified methods.html (in your examples) so that the REMOTE is my provider (which is on a different domain than the consumer, of course) and am getting…

    remotedomain.com:10311 – 14:53:16.210: swf: received message from http://localdomain.com, expected from http://localdomain.com:10311

    Any hint for me?

    Thanks for your great product!

    • Yeah, I was made aware of that yesterday, only a minor fix is needed. I’ll see if I can get it done one of the next days 🙂

      You can much around with the `swf.createChannel(config.channel, config.secret, getLocation(config.remote), config.isHost);` line, removing the :[port] part from the url passed in if you want to get it up right now.

  • Bite

    Is the version number in the easyXDM code comments somewhere? Not sure which version I’m running.

    If not, please consider adding the version number to one of the files.

  • Anonymous

    nice