From ab60cacec08ac1450ca46fd39f9604003111fcec Mon Sep 17 00:00:00 2001 From: Mathieu Kooiman Date: Tue, 8 Mar 2016 10:31:27 +0100 Subject: [PATCH] Fix markup --- documentation/security/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/documentation/security/index.md b/documentation/security/index.md index 189ed6c..27ad541 100644 --- a/documentation/security/index.md +++ b/documentation/security/index.md @@ -15,7 +15,7 @@ This vulnerability can be exploited by performing a Man-in-the-Middle attack whe Thanks to [Radoslaw Karpowicz](//vulnsec.com) for reporting the vulnerabilty. -## Mitigations +#### Mitigations * Upgrade to atleast [SparkleUpdater framework 1.13.1]((//github.com/sparkle-project/Sparkle/releases/tag/1.13.1). This version enhances security by further restricting permissions for the webview used in the update dialog and disables external entity parsing all together. These changes protect your users from both the RCE and the info-disclosure vulnerabilities. * If you are unable to update to 1.13.1 for some reason. Patches for older versions of Sparkle are available: [a6e9c](//github.com/sparkle-project/Sparkle/commit/a6e9c8aff644f0cf5314c9f10e039c34cd350561), [70f69](//github.com/sparkle-project/Sparkle/commit/70f6929ac766b404e8e0d28d5cbda7872dc2ee3f). If you use any older versions of Sparkle, or forks of the official version, please verify that they have these patches applied.
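Review bot: The first bullet under the changed heading, left as unchanged context, still carries a markup defect this "Fix markup" commit does not touch: the link `[SparkleUpdater framework 1.13.1]((//github.com/sparkle-project/Sparkle/releases/tag/1.13.1)` opens with two parentheses and closes with one, so it will not render as a link to the fixed release. Drop the extra `(` in the same change. Because that link is the primary mitigation pointer in a security advisory, it and the two commit links would be better written with an explicit `https://` scheme instead of the protocol-relative `//github.com/...` form, which inherits whatever scheme the page was loaded over. On the changed line itself, `## Mitigations` becomes `#### Mitigations`, which drops two heading levels; the visible context does not show a `###` parent, so please confirm the new level matches the other sections of index.md and say in the commit message what rendering problem it fixes. While these lines are open, the context also has "vulnerabilty", "atleast", "all together" (for "altogether") and the sentence fragment "If you are unable to update to 1.13.1 for some reason." that could be corrected.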