We were notified about the critical security bug in Total.js framework. Read a prevention.
A critical security fix for Total.js framework
We were noticed about the critical security bug in Total.js framework, but you are safe if you use a reverse proxy like NGINX or Apache. I'm very grateful for great analyse from security experts Riccardo Krauter, Dario Ragno, Fabio Cogno @ Certimeter Group. So thank you a lot!
The fix below is for all version of Total.js framework between
v3.1 version. Just copy
security.js file to
definitions folder, for example:
- download fix security.js
- and copy it to
- restart app
Sorry for all troubles.
NEW UPDATE: read comments here https://github.com/totaljs/framework/commit/de16238d13848149f5d1dae51f54e397a525932b
Other posts from Total.js Platform
- 2021-10-08Server-Sent events with Total.js
- 2021-10-01September report 2021
- 2021-09-16Custom FlowStream execution
- 2021-09-14Improved FlowStream components
- 2021-09-10Processing live video stream in Total.js / Node.js
- 2021-09-08New release for Total.js v4 with great new improvements
- 2021-09-02August report 2021
- 2021-08-11MJPEG streaming through HTTP in Node.js / Total.js
- 2021-08-02Total.js FlowStream Designer is now open-source
- 2021-07-31July report 2021