Use converse 0.5.2 - Githubissues

priyadi / roundcube-converse.js-xmpp-plugin

XMPP plugin for Roundcube Webmail based on converse.js

48 stars 18 forks source link

Use converse 0.5.2 #3

Closed jcbrand closed 10 years ago

jcbrand commented 11 years ago

Hi @priyadi

Converse.js < 0.5.2 is insecure because it exposes the Strophe connection object globally. Malicious code can access this object and in the process get sensitive user data.

Regards JC

priyadi commented 11 years ago

thanks for the heads up. will upgrade as soon as possible.

priyadi commented 10 years ago

latest commit should fixed this. closing.