Skip to content

v1.1.1 - a security update
Compare
Choose a tag to compare
@slingamn slingamn released this 21 Jul 19:38
· 3137 commits to master since this release
v1.1.1
1ffdf0e

Oragono 1.1.1 is a bugfix release for flaws in message handling, including one with security implications.

Many thanks to @streaps for reporting issues.

Upgrade notes

This release does not change the database or configuration file format.

Security

  • Previous releases of Oragono would incorrectly relay chat messages containing the \r byte. An attacker could use this to spoof protocol messages from the server (depending on the implementation of the victim's client). This has been fixed. (#610)

Fixed

  • Fixed incorrect rejection of messages with multiple spaces (#602, thanks @streaps!)
Assets 13
Loading