James Valleroy
@jvalleroy@fosstodon.org  ·  yesterday

I've uploaded new versions of the Shaarli package (bookmarks app) in Debian with a security fix.

The package versions with the fix:
- 0.16.1+dfsg-1 in testing and unstable
- 0.14.0+dfsg-2+deb13u1 in stable-security
- 0.12.1+dfsg-8+deb12u2 in oldstable-security

More information about the issue:
https://github.com/shaarli/Shaarli/security/advisories/GHSA-g3xq-mj52-f8pg
https://security-tracker.debian.org/tracker/CVE-2026-24476

#Shaarli #Debian #FreedomBox

GitHub

Stored XSS via Suggested Tags

Summary: Crafting a malicious tag which starts with `"` prematurely ends the `` tag on the start page and allows an attacker to add arbitrary HTML, leading to a possible XSS attack. ...