The bad news first:
Just after cutting a new 0.5.0 release of Conductance, we discovered a security issue in all versions of Conductance which allows a remote attacker to execute arbitrary code on a server which publishes an
.api module, by exploiting custom object marshallers.
0.5.1 includes a fix for this issue, and we've also pushed out an 0.4.2 release for everyone using 0.4. The 0.4.2 release simply disables the custom marshalling feature, since it's only needed in advanced cases - if you do need to use custom marshalling and you can't upgrade to 0.5, please get in touch and we'll help you out.
The better news
.. is that, as you may have gathered, we've just release Conductance 0.5, as well as StratifiedJS 0.19.
mho:observablehas moved to
- better error handling for surface mechanisms
- improved cleanup / retraction on process exit
- a local documentation browser route which can include your own custom hubs
- improvements to systemd integration
- additional nodejs modules (
- useful additions to the
If you've installed directly from conductance.io, you can update by running
If you haven't yet installed Conductance, head over to the Conductance Introduction page to get started.