NodeBB 2.8.17 & 3.3.5 Security Releases
-
Today we are releasing patch versions for 3.x and 2.x lines to fix an xss vulnerability.
As mentioned before we will be supporting 1.x and 2.x until August 2024 and August 2025 respectively. This vulnerability does not effect the 1.x releases so there is no patch for it.
The fix is included in the latest 2.8.17 & 3.3.5 releases
https://github.com/NodeBB/NodeBB/releases/tag/v2.8.17
https://github.com/NodeBB/NodeBB/releases/tag/v3.3.5 -
Today we are releasing patch versions for 3.x and 2.x lines to fix an xss vulnerability.
As mentioned before we will be supporting 1.x and 2.x until August 2024 and August 2025 respectively. This vulnerability does not effect the 1.x releases so there is no patch for it.
The fix is included in the latest 2.8.17 & 3.3.5 releases
https://github.com/NodeBB/NodeBB/releases/tag/v2.8.17
https://github.com/NodeBB/NodeBB/releases/tag/v3.3.5Before the upgrade i see this?
-
Before the upgrade i see this?
@FrankM when do you get this page?
-
Today we are releasing patch versions for 3.x and 2.x lines to fix an xss vulnerability.
As mentioned before we will be supporting 1.x and 2.x until August 2024 and August 2025 respectively. This vulnerability does not effect the 1.x releases so there is no patch for it.
The fix is included in the latest 2.8.17 & 3.3.5 releases
https://github.com/NodeBB/NodeBB/releases/tag/v2.8.17
https://github.com/NodeBB/NodeBB/releases/tag/v3.3.5https:///admin/extend/plugins -
Today we are releasing patch versions for 3.x and 2.x lines to fix an xss vulnerability.
As mentioned before we will be supporting 1.x and 2.x until August 2024 and August 2025 respectively. This vulnerability does not effect the 1.x releases so there is no patch for it.
The fix is included in the latest 2.8.17 & 3.3.5 releases
https://github.com/NodeBB/NodeBB/releases/tag/v2.8.17
https://github.com/NodeBB/NodeBB/releases/tag/v3.3.5user_nodebb@webserver2-4gb-nbg1-1:~/nodebb$ ./nodebb upgrade Updating NodeBB... 1. Updating package.json file with defaults... OK 2. Bringing base dependencies up to date... started changed 2 packages, and audited 920 packages in 3s 94 packages are looking for funding run `npm fund` for details *delete* -
Today we are releasing patch versions for 3.x and 2.x lines to fix an xss vulnerability.
As mentioned before we will be supporting 1.x and 2.x until August 2024 and August 2025 respectively. This vulnerability does not effect the 1.x releases so there is no patch for it.
The fix is included in the latest 2.8.17 & 3.3.5 releases
https://github.com/NodeBB/NodeBB/releases/tag/v2.8.17
https://github.com/NodeBB/NodeBB/releases/tag/v3.3.5@FrankM the issue with our package manager should be fixed now, can you try again?
-
Today we are releasing patch versions for 3.x and 2.x lines to fix an xss vulnerability.
As mentioned before we will be supporting 1.x and 2.x until August 2024 and August 2025 respectively. This vulnerability does not effect the 1.x releases so there is no patch for it.
The fix is included in the latest 2.8.17 & 3.3.5 releases
https://github.com/NodeBB/NodeBB/releases/tag/v2.8.17
https://github.com/NodeBB/NodeBB/releases/tag/v3.3.5@baris Works. Thank you!
-
Today we are releasing patch versions for 3.x and 2.x lines to fix an xss vulnerability.
As mentioned before we will be supporting 1.x and 2.x until August 2024 and August 2025 respectively. This vulnerability does not effect the 1.x releases so there is no patch for it.
The fix is included in the latest 2.8.17 & 3.3.5 releases
https://github.com/NodeBB/NodeBB/releases/tag/v2.8.17
https://github.com/NodeBB/NodeBB/releases/tag/v3.3.5~/nodebb$ git fetch remote: Enumerating objects: 9, done. remote: Counting objects: 100% (9/9), done. remote: Compressing objects: 100% (3/3), done. remote: Total 9 (delta 6), reused 9 (delta 6), pack-reused 0 Unpacking objects: 100% (9/9), 904 bytes | 75.00 KiB/s, done. From https://github.com/NodeBB/NodeBB 05a7c7610d..d36140eb5f develop -> origin/develop fb43f9ae10..dc14d6a8d1 v2.x -> origin/v2.x ~/nodebb$ git reset --hard origin/v3.x HEAD is now at a67f84ea5b chore: incrementing version number - v3.3.4Ok, i think you are working.
-
Today we are releasing patch versions for 3.x and 2.x lines to fix an xss vulnerability.
As mentioned before we will be supporting 1.x and 2.x until August 2024 and August 2025 respectively. This vulnerability does not effect the 1.x releases so there is no patch for it.
The fix is included in the latest 2.8.17 & 3.3.5 releases
https://github.com/NodeBB/NodeBB/releases/tag/v2.8.17
https://github.com/NodeBB/NodeBB/releases/tag/v3.3.5after updating, my install still says its running v3.3.4
-
Today we are releasing patch versions for 3.x and 2.x lines to fix an xss vulnerability.
As mentioned before we will be supporting 1.x and 2.x until August 2024 and August 2025 respectively. This vulnerability does not effect the 1.x releases so there is no patch for it.
The fix is included in the latest 2.8.17 & 3.3.5 releases
https://github.com/NodeBB/NodeBB/releases/tag/v2.8.17
https://github.com/NodeBB/NodeBB/releases/tag/v3.3.5@sweetp I might have forgot to increment the version number in package.json for 3.3.5, I did that later https://github.com/NodeBB/NodeBB/commit/055762e69e66d8a4fb30755a7b84bf52613c9e57.
-
Today we are releasing patch versions for 3.x and 2.x lines to fix an xss vulnerability.
As mentioned before we will be supporting 1.x and 2.x until August 2024 and August 2025 respectively. This vulnerability does not effect the 1.x releases so there is no patch for it.
The fix is included in the latest 2.8.17 & 3.3.5 releases
https://github.com/NodeBB/NodeBB/releases/tag/v2.8.17
https://github.com/NodeBB/NodeBB/releases/tag/v3.3.5On another forum, i got nothing when i do
git fetch
-
Today we are releasing patch versions for 3.x and 2.x lines to fix an xss vulnerability.
As mentioned before we will be supporting 1.x and 2.x until August 2024 and August 2025 respectively. This vulnerability does not effect the 1.x releases so there is no patch for it.
The fix is included in the latest 2.8.17 & 3.3.5 releases
https://github.com/NodeBB/NodeBB/releases/tag/v2.8.17
https://github.com/NodeBB/NodeBB/releases/tag/v3.3.5~/nodebb$ git reset --hard v3.3.5 fatal: ambiguous argument 'v3.3.5': unknown revision or path not in the working tree. Use '--' to separate paths from revisions, like this: 'git [...] -- [...]' -
~/nodebb$ git reset --hard v3.3.5 fatal: ambiguous argument 'v3.3.5': unknown revision or path not in the working tree. Use '--' to separate paths from revisions, like this: 'git [...] -- [...]'@FrankM You'll need to either
git pullorgit fetchfirst. -
Today we are releasing patch versions for 3.x and 2.x lines to fix an xss vulnerability.
As mentioned before we will be supporting 1.x and 2.x until August 2024 and August 2025 respectively. This vulnerability does not effect the 1.x releases so there is no patch for it.
The fix is included in the latest 2.8.17 & 3.3.5 releases
https://github.com/NodeBB/NodeBB/releases/tag/v2.8.17
https://github.com/NodeBB/NodeBB/releases/tag/v3.3.5Ok, git pull works
~/nodebb$ git pull remote: Enumerating objects: 475, done. remote: Counting objects: 100% (475/475), done. remote: Compressing objects: 100% (231/231), done. remote: Total 475 (delta 248), reused 469 (delta 244), pack-reused 0 Receiving objects: 100% (475/475), 417.93 KiB | 13.06 MiB/s, done. Resolving deltas: 100% (248/248), completed with 54 local objects. From https://github.com/NodeBB/NodeBB 7d9ff9bf4e..d36140eb5f develop -> origin/develop c44ddb10e7..055762e69e master -> origin/master 638e098f30..dc14d6a8d1 v2.x -> origin/v2.x * [new tag] v2.8.17 -> v2.8.17 * [new tag] v3.3.5 -> v3.3.5My other forum show this
~/nodebb$ git pull hint: You have divergent branches and need to specify how to reconcile them. hint: You can do so by running one of the following commands sometime before hint: your next pull: hint: hint: git config pull.rebase false # merge hint: git config pull.rebase true # rebase hint: git config pull.ff only # fast-forward only hint: hint: You can replace "git config" with "git config --global" to set a default hint: preference for all repositories. You can also pass --rebase, --no-rebase, hint: or --ff-only on the command line to override the configured default per hint: invocation. fatal: Need to specify how to reconcile divergent branches. -
Today we are releasing patch versions for 3.x and 2.x lines to fix an xss vulnerability.
As mentioned before we will be supporting 1.x and 2.x until August 2024 and August 2025 respectively. This vulnerability does not effect the 1.x releases so there is no patch for it.
The fix is included in the latest 2.8.17 & 3.3.5 releases
https://github.com/NodeBB/NodeBB/releases/tag/v2.8.17
https://github.com/NodeBB/NodeBB/releases/tag/v3.3.5Fixing diverged branches is outside of scope of this forum, sorry
https://poanchen.github.io/blog/2020/09/19/what-to-do-when-git-branch-has-diverged
-
Today we are releasing patch versions for 3.x and 2.x lines to fix an xss vulnerability.
As mentioned before we will be supporting 1.x and 2.x until August 2024 and August 2025 respectively. This vulnerability does not effect the 1.x releases so there is no patch for it.
The fix is included in the latest 2.8.17 & 3.3.5 releases
https://github.com/NodeBB/NodeBB/releases/tag/v2.8.17
https://github.com/NodeBB/NodeBB/releases/tag/v3.3.5I somehow got it to v3.3.5 now. Please do not ask how
I'm thinking about reinstalling to start cleanly.
