    Cloudron Forum


    Solved Tiny Tiny RSS - Security issues

    • girish
      girish Staff last edited by

      A number of issues have been found in TTRSS - https://www.digeex.de/blog/tinytinyrss/. You can read the announcement in their forum about the fixes - https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799 .

      I have pushed a new package with the fixes. If you use TTRSS, best to update it at the earliest.

      • T
        thetomester13 App Dev last edited by

        @girish thanks for hopping on this quickly! However, it seems something is now broken with my TTRSS instance. When clicking on an article title when it's active, I get a weird error from my instance's backend.php page:
        {"error":{"code":6,"message":null}}

        It seems like the user pahles had a similar issue on the TTRSS community forum thread you linked, and this is a potential solution proposed by someone else. Can you replicate this issue? What do you think is the estimated time to resolve this?

        • girish
          girish Staff last edited by girish

          @thetomester13 I could reproduce this in the mobile app, am looking into it. For the moment, you can revert to the previous version. Can you confirm this only happens in the mobile app, because the desktop works fine for me?

          • T
            thetomester13 App Dev @girish last edited by

            @girish I actually noticed this issue in the desktop web app. The mobile app (don't know if there's an official one? I'm using tiny Reader iOS version 2.1.3) works fine for me ironically.

            • girish
              girish Staff @thetomester13 last edited by girish

              @thetomester13 turns out my ttrss issue was something else. Can you tell me what the exact error is? Any screen shots? Maybe clear browser cache?

              Note that we already set the header recommended in their forum.

              • T
                thetomester13 App Dev @girish last edited by

                @girish Sure, see screenshot. This also happened after I cleared all cookies for this URL and refreshed. I'm on v1.26.0 of the TTRSS app. [Screenshot: Screen Shot 2020-09-23 at 3.50.51 PM]

                • girish
                  girish Staff last edited by girish

                  @thetomester13 Going by some of the posts in the forum, it seems the issue might be session related (because https://git.tt-rss.org/fox/tt-rss/compare/77faa5d5237db83056d842aa0993b8d8e44375f4...33fdde249e8a40968bba42590e8ed17145ff9e30 was pointed out as a fix). Can you re-login and also try another browser for good measure, so we can rule out that aspect?

                  BTW, what do you mean by "desktop web app"? Do you mean browser? (screenshot looks like firefox to me)

                  • T
                    thetomester13 App Dev last edited by

                    Yeah, logging out and in seems to have worked! Not sure why it wasn't working temporarily. When in doubt, turn it off and on again!

                    And yes, I just meant the browser, my bad!

                    Looks like this is all resolved now! This morning gave me quite a scare as TTRSS is probably my most used Cloudron app.
