Conductance users: we've just released a security update (v0.4.1). See the blog for details: http://onilabs.com/blog/oni-conductance-0.4.1-security-fix
Oni Labs: Conductance 0.4.1 security fix
We have discovered a security issue in Conductance which allows a remote attacker to access files readable to the Conductance user via a specially crafted GET request. We've just published Conductance 0.4.1, which fixes this issue. We recommend all users update to this version immediately.
no plus ones