Security upgrade for SPIP

What type of hardware are you using: VPS bought online
What YunoHost version are you running: 11.3.0.2
What app is this about: spip

Describe your issue

My server got hacked because the spip yunohost package is unmaintained and, as described in Critical security update · Issue #74 · YunoHost-Apps/spip_ynh · GitHub, it is not including important security updates published in August 2024: Mise à jour critique de sécurité : sortie de SPIP 4.3.2, SPIP 4.2.16, SPIP (…) - SPIP Blog (RCE, so remote execution, which is pretty serious).

There are two open pull requests that have done the work to upgrade the version (simple version and hash): version 4.2.16 by arthurlutz · Pull Request #77 · YunoHost-Apps/spip_ynh · GitHub for a minor version change, and Update manifest.toml spip 4.3.3 by vincent-lucy · Pull Request #76 · YunoHost-Apps/spip_ynh · GitHub for a major version.

What is the process for people stepping up to maintain an app like that? Are there any telemetry indications as to how many installations are impacted by this problem?

Share relevant logs or error messages

n/a

I have launched a CI test on your PR.

You just took a good step by posting here. You are also welcome on Matrix (#yunohost-apps:matrix.org). It’s a shame nobody noticed your comments and issues in the repo.

By YunoHost? None.
