Total.js platform

JavaScript platform for everyone

A critical security fix for Total.js framework

We were notified of a critical security bug in the Total.js framework, but you are safe if you use a reverse proxy like NGINX or Apache. I'm very grateful for the great analysis from security experts Riccardo Krauter, Dario Ragno and Fabio Cogno @ Certimeter Group. So thank you a lot!

The fix below is for all versions of the Total.js framework between v1.7 and v3.1. Just copy the security.js file to the definitions folder, for example: /your-app-dir/definitions/security.js.

  • download the fix, security.js
  • copy it to /your-app/definitions/security.js
  • restart the app
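
To confirm that the steps above are in place across several deployments, here is an audit helper (an added example, not code from Total.js or from this post). It assumes the framework is installed locally from npm as `total.js`, that the version range above is inclusive, and that every 3.1.x release counts as v3.1; `isAffected` and `auditApp` are hypothetical names.

```javascript
// Added example: audit helper, not part of Total.js or of the published fix.
const fs = require('fs');
const path = require('path');

// "v3.0.1" -> [3, 0, 1]; missing parts count as 0, unparsable input -> null.
function parseVersion(v) {
  const m = /^v?(\d+)(?:\.(\d+))?(?:\.(\d+))?/.exec(String(v).trim());
  return m ? [Number(m[1]), Number(m[2] || 0), Number(m[3] || 0)] : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Assumption: the advisory's range v1.7 .. v3.1 is inclusive, and every
// 3.1.x patch release counts as v3.1.
function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return null;
  return compare(v, [1, 7, 0]) >= 0 && compare([v[0], v[1], 0], [3, 1, 0]) <= 0;
}

// Assumption: the framework is installed locally from npm as "total.js".
function auditApp(appDir) {
  let version = null;
  try {
    const pkg = path.join(appDir, 'node_modules', 'total.js', 'package.json');
    version = JSON.parse(fs.readFileSync(pkg, 'utf8')).version || null;
  } catch (e) { /* framework not found or package.json unreadable */ }
  // Presence only: this does not prove the file is the published fix.
  let fixPresent = false;
  try {
    const st = fs.statSync(path.join(appDir, 'definitions', 'security.js'));
    fixPresent = st.isFile() && st.size > 0;
  } catch (e) { /* no definitions/security.js */ }
  const affected = version === null ? null : isAffected(version);
  let status = 'unknown-version';
  if (affected === false) status = 'outside-range';
  else if (affected === true) status = fixPresent ? 'fix-present' : 'needs-fix';
  return { appDir, version, affected, fixPresent, status };
}

// Usage: node audit.js /srv/app1 /srv/app2   (paths are placeholders)
for (const dir of process.argv.slice(2)) console.log(JSON.stringify(auditApp(dir)));
```

A `fix-present` result only reflects files on disk; the app still has to be restarted for the definition to load.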

Sorry for all the trouble.


NEW UPDATE: read comments here https://github.com/totaljs/framework/commit/de16238d13848149f5d1dae51f54e397a525932b