We are very pleased to announce the availability of Foswiki 2.1.8. This release contains 61 fixes relative to 2.1.7, including 9 critical security-related fixes.

Upgrading to Foswiki 2.1.8 is highly recommended.

Most notable are:

- CVE-2023-33756: SpreadSheetPlugin's EVAL feature exposes information about paths and files on the server
- CVE-2023-24698: Local file inclusion vulnerability in viewfile

But also:

- directories in the working directory are created with world-writable 777 permissions
- possible XSS attack in attachment comments
- restricted allowed protocols to http and https, i.e. forbid the file protocol for local file inclusion
- prevent symlink attacks by defaulting to a secure location for temporary files
- update to jquery-ui 1.13.2
- backport patch to earlier jQuery versions to fix a potential XSS vulnerability
- possible XSS vulnerability in topic title field

Reverse proxying Foswiki

Foswiki can now properly be run behind a reverse proxy, reading an X-Forwarded-For HTTP header. Previously, this resulted in mixed content while rendering HTML.

For more details, read the release notes.

You can download it from different locations immediately; see our download page for details. Please use our task tracker to report any issues, or contact us online via IRC or Slack.

For installation information, see the System Requirements and the Installation Guide.

Tags: security