SOLVED Tiny Tiny RSS - Security issues
-
A number of issues have been found in TTRSS - https://www.digeex.de/blog/tinytinyrss/. You can read the announcement in their forum about the fixes - https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799 .
I have pushed a new package with the fixes. If you use TTRSS, best to update it at the earliest.
-
@girish thanks for hopping on this quickly! However, it seems something is now broken with my TTRSS instance. When clicking on an article title when it's active, I get a weird error from my instance's backend.php page:
{"error":{"code":6,"message":null}}It seems like the user pahles had a similar issue on the TTRSS community forum thread you linked, and this is a potential solution proposed by someone else. Can you replicate this issue? What do you think is the estimated time to resolve this?
-
@thetomester13 I could reproduce this in the mobile app, am looking into it. For the moment, you can revert to the previous version. Can you confirm this only happens in the mobile app because the desktop works fine for me.
-
@girish I actually noticed this issue in the desktop web app. The mobile app (don't know if there's an official one? I'm using tiny Reader iOS version 2.1.3) works fine for me ironically.
-
@thetomester13 turns out my ttrss issue was something else. Can you tell me what the exact error is? Any screen shots? Maybe clear browser cache?
Note that we already set the header recommended in their forum.
-
@girish Sure, see screenshot. This also happened after I cleared all cookies for this URL and refreshed. I'm on v1.26.0 of the TTRSS app.
Screen Shot 2020-09-23 at 3.50.51 PM
-
@thetomester13 Going by some of the posts in the forum, it seems the issue might be session related (because https://git.tt-rss.org/fox/tt-rss/compare/77faa5d5237db83056d842aa0993b8d8e44375f4...33fdde249e8a40968bba42590e8ed17145ff9e30 was pointed out as a fix). Can you re-login and also try another browser for good measure, so we can rule out that aspect?
BTW, what do you mean by "desktop web app". Do you mean browser? (screenshot looks like firefox to me)
-
Yeah, logging out and in seems to have worked! Not sure why it wasn't working temporarily. When it doubt, turn it off and on again!
And yes, I just meant the browser, my bad!
Looks like this is all resolved now! This morning gave me quite a scare as TTRSS is probably my most used Cloudron app.
