Remote attackers can exploit this to execute code on unprivileged sites by enticing an unsuspecting user to visit the attacker's site. This issue was addressed by disabling window.open. We recommend updating to the latest version of Obsidian.

* obsidian-0.15.6 - Updated the address sanitizer to fix remote code execution in 0.15.x through 0.16.x when sending messages to an unpatched client.
* obsidian-0.15.5 - Fixed a remote code execution issue with the window.open() method.
* obsidian-0.15.4 - Fixed an XSS issue in the context menu.
* obsidian-0.15.3 - Fixed a remote code execution issue with the window.open() method.
* obsidian-0.15.2 - Fixed an XSS issue in the context menu.
* obsidian-0.15.1 - Fixed a remote code execution issue with the window.open() method.
* obsidian-0.15 - Fixed a remote code execution issue with the window.open() method.
* obsidian-0.14.19 - Fixed an XSS issue in the context menu.
* obsidian-0.14.18 - Fixed an XSS issue in the context menu.
* obsidian-0.14.17 - Fixed an XSS issue in the context menu.
* obsidian-0.14.16 - Fixed an XSS issue in the context menu.
* obsidian-0.14.

Security Improvements

The obsidian-0.14 release was focused on security improvements, including:
* Updated the address sanitizer;
* Fixed an XSS issue in the context menu;
* Fixed an XSS issue in the message dialog.

Security improvements are important because they ensure that your site is safe and secure, which can help to increase your chances of success.

Integer Overflow

The integer overflow that was fixed in 0.15.2 allowed users to cause a denial of service against their own sites.

Timeline

Published on: 07/25/2022 07:15:00 UTC
Last modified on: 08/15/2022 13:15:00 UTC

References