A critical security fix
We were notified about the critical security bug in Total.js framework. Read a prevention.
A critical security fix for Total.js framework
We were noticed about the critical security bug in Total.js framework, but you are safe if you use a reverse proxy like NGINX or Apache. I'm very grateful for great analyse from security experts Riccardo Krauter, Dario Ragno, Fabio Cogno @ Certimeter Group. So thank you a lot!
The fix below is for all version of Total.js framework between v1.7 and v3.1 version. Just copy security.js file to definitions folder, for example: /your-app-dir/definitions/security.js.
- download fix security.js
- and copy it to
/your-app/definitions/security.js - restart app
Sorry for all troubles.
NEW UPDATE: read comments here https://github.com/totaljs/framework/commit/de16238d13848149f5d1dae51f54e397a525932b
Other posts from Total.js Platform
- 2024-11-13Benchmarking Node.js Frameworks: selecting your framework for 2025!
- 2024-11-01October report 2024
- 2024-10-22Performance Testing: Total.js vs. NestJS
- 2024-10-01September report 2024
- 2024-09-27Total.js UI Builder: #2 designing your first interface
- 2024-09-26Total.js V5: Middlewares
- 2024-09-23Beginner Guide to Total.js UI: # 05 Client-side routing
- 2024-09-23Total.js UI #4: Data Binding (Part 2 – Practical Example)
- 2024-09-20Introduction to Total.js UI Builder: A Beginner’s Guide
- 2024-09-13Total.js v5: #06 Understanding File Routing