Hotfix: versions 4.14.1 and 3.67.3 address an edge case where content from other sites can appear in multisite projects #4900
boutell
announced in
Release Notes
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
We released a hotfix today. This fix applies only to customers using our multisite module. The fix however is in the "apostrophe" module itself.
Versions 4.14.1 (recommended) and 3.67.3 (for those still on the 3.x series) of the "apostrophe" npm module correct an issue that could cause content from site "A" to appear on site "B."
This could happen only if all of the following conditions were met:
(1) the URLs are the same (the home page for instance),
(2) the requests are exactly simultaneous,
(3) ApostropheCMS is running multiple sites in the same process (a common and fully supported but not universal practice depending on your self-hosted ops strategy), and
(4) no user is logged in.
Because of (4) a security impact is very unlikely, and because of (2) this is a rare condition. But, of course it is not a good thing. So you will want to upgrade to get this fix in place.
Beta Was this translation helpful? Give feedback.
All reactions