This update fixes an important security error and contains other changes that enhance the wrapper security.
Iframe sandbox escape [Reported by Ivanq / gitcenter]
In ZeroNet before Rev3350 the wrapper did not escaped properly the given parameters.
Result: The opened site was able to escape the sandbox, read/modify any hosted site and change the client's configuration settings. Using the sandbox escape due to an obsolete feature the opened site was also able to read the private key of the cloned sites.
Fix: Fixed the escaping function and also removed raw html based tag definitions to prevent similar things happening in the future.
Affected versions: All versions before ZeroNet Rev3350
- Fix random blank pages using Firefox
- Fix local peer discovery on older Linux kernels
- Change large file download for msgpack 0.5.5 and 0.5.6 compatibility
- Fix random sidebar globe loading errors
- Fix command line interface actions
- Fix file download error on slow connections