On 04/09/2018 09:18 AM, David Galloway wrote: > Leo made me aware of a pretty severe CVE for Etherpad: > http://blog.etherpad.org/2018/04/07/important-release-1-6-4/ > > I've taken pad.ceph.com down to update. I'll send an update here when > finished. > The version of Etherpad running was ancient. In order to update to a secure version, nodejs and mysql had to be updated. Unfortunately because Etherpad was running on a Debian Squeeze server, the required package versions weren't available. I spun up a new VM in the Sepia lab and am running the latest version of Etherpad on Xenial now. I imported the Etherpad database and spot checked a few pads and they look good. Only thing I noticed is I had to change the font size in my browser to get the previous text size. DNS may need to propagate out for you to reach the installation at the new address but please let me know if you notice any other issues. -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
