We were recently made aware of a Booktype cross-site scripting vulnerability. Although it is rare and difficult to exploit, we’ve decided to release an update in the form of Booktype 1.5.5.
The vulnerability affects all users of Booktype 1.5.x, and an immediate upgrade is recommended.
The new tarball can be downloaded here. An upgrade guide is here. More information on how to install from scratch is here.
All Sourcefabric customers (both custom development and Booktype Pro) are already protected and need to take no action.
If you are unsure of how to apply this fix or whether you are affected, please mail contact at sourcefabric dot org immediately.