Slash Boxes

Slash Open Source Project

Slash: Slash + CSS

posted by vroom on 09:43 AM September 6th, 2005   Printer-friendly   Email story

We've been working for some time now on getting Slash to utilize CSS and also updating it's old crufty HTML while we're at it. We've moved Slash to HTML Strict 4.01. and are currently running on this code. You can take a look at the markup, or log in and take a look around.

If you'd like to see what Slashdot might look like you can activate the Slashdot stylesheet on in Firefox by choosing View > Page Style > Slashdot. I'm sure you can do the same thing with other browsers but you're on your own for the specifics of how to do so.

Slash: Full Disclosure and Patches on CVS Vulnerability

posted by jamiemccarthy on 02:50 PM December 20th, 2004   Printer-friendly   Email story
The "security issue" described on the morning of Dec. 15th is actually two separate and unrelated cross-site scripting (XSS) bugs. We're disclosing all of what we know about them at this point to allow site admins to patch sites which cannot reasonably be upgraded to the latest, fixed version of the code, the Dec. 8th build R_2_5_0_41.

Both of these issues were found by Michael Krax who we understand will be publishing something about them shortly. Again, we thank Mr. Krax for responsibly reporting these issues to us and letting us give administrators running Slash time to upgrade their code.

The first security bug was introduced to Slash in May 2002. The second was introduced in October 2004. Both have been fixed in CVS since Dec. 8, 2004. Neither is present in our last official release, version 2.2.6.

Slash: Temporary Workaround For CVS Vulnerability

posted by jamiemccarthy on 03:05 PM December 16th, 2004   Printer-friendly   Email story
We've gotten a couple of questions about whether there will be a workaround for site admins who don't want to upgrade into x_2_5_* CVS but who don't want to just wait until the patch comes out next week.

For security reasons, we don't want to reveal too much of what's going on until everyone has had a chance to upgrade, but we will say that you can temporarily make your site immune to the vulnerability by removing the symlinks to and

Slash: Security Advisory for CVS Slash

posted by jamiemccarthy on 10:42 AM December 15th, 2004   Printer-friendly   Email story
There has been a security issue in CVS Slash code for the last couple of years which was found recently. This is something that site administrators should be concerned about.

We are urging all sites which are using a version of the code from CVS to upgrade now to the CVS tag R_2_5_0_41. Sites which are using the 2.2.6 tarball, the latest official release, do not need to upgrade (the issue is not present there).

Today's News | September 7 | September 5  >