Security Patch released for Newscoop 4.1
  • We have released a patch for a security issue in Newscoop 4.1. This patches a cross-site scripting vulnerability in Newscoop which can be exploited to
    execute arbitrary script code in a user's browser session in context of an affected site.

    It’s not an easy one to exploit but patching is strongly recommended. It affects all versions of Newscoop 4.0.x and 4.1.0.

    How To Fix

    1. Download it.

    2. Patch it.

    $ cd /path/to/your/newscoop-directory/
    $ patch -p1 < /path/to/patch-file

    All customers whose instances are hosted by Sourcefabric are already protected and need to take no action.

    Thanks to Pawel Haldrzynski who found the issue and got in touch via Secunia SVCRP. Here’s the link to the commit in Github that fixes the issue.

    If you are unsure of how to apply this fix or whether you affected, please mail immediately.

    Best, Adam
    Post edited by Adam Thomas at 2013-02-01 09:11:01