Follow

Found a curious bug in the package last night. There is a reasonably old security patch for CVE-2017-14990 where the activation key is stored in plaintext for multisite users (normal users it's hashed).

Anyway it's a broken patch because it doesn't decide the user id. Easy to fix but I never used it before.

Sign in to participate in the conversation
Mastodon on Dropbear

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!