<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    Ryan,<br>
    <br>
    Many thanks for reporting this one.<br>
    <br>
    I have added a fix that will be in version 5.01.<br>
    <br>
    Thanks!<br>
    Jules.<br>
    <br>
    <div class="moz-cite-prefix">On 02/02/2018 5:56 pm, Ryan Stepalavich
      wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:CA+StwpKc7n3rPXr2juvnnUXi1Sc774eru_MsFEomzL1_aenqrw@mail.gmail.com">
      <div>
        <div class="gmail_quote">
          <div><span style="font-family:Arial,sans-serif">Hi everybody,</span><br>
          </div>
          <div link="#0563C1" vlink="#954F72" lang="EN-US">
            <div class="m_-5712774021550482680WordSection1">
              <p class="MsoNormal"><span
                  style="font-family:&quot;Arial&quot;,sans-serif"> </span></p>
              <p class="MsoNormal"><span
                  style="font-family:&quot;Arial&quot;,sans-serif">We
                  just got our latest audit in and found a cross-frame
                  scripting vulnerability in ZendTo.</span></p>
              <p class="MsoNormal"><span
                  style="font-family:&quot;Arial&quot;,sans-serif"> </span></p>
              <p class="MsoNormal"><span
                  style="font-family:&quot;Arial&quot;,sans-serif">“it
                  is possible to load application pages in an external
                  frame. The application's response data does not set a
                  suitable X-Frame-Options header or use other measures
                  in order to prevent framing attacks.”</span></p>
              <p class="MsoNormal"><span
                  style="font-family:&quot;Arial&quot;,sans-serif"> </span></p>
              <p class="MsoNormal"><span
                  style="font-family:&quot;Arial&quot;,sans-serif"><a
href="https://coderwall.com/p/kdv1hw/prevent-rendering-your-page-inside-an-iframe-using-x-frame-options"
                    target="_blank" moz-do-not-send="true">https://coderwall.com/p/kdv1hw/prevent-rendering-your-page-inside-an-iframe-using-x-frame-options</a></span></p>
              <p class="MsoNormal"><span
                  style="font-family:&quot;Arial&quot;,sans-serif"> </span></p>
              <p class="MsoNormal"><span
                  style="font-family:&quot;Arial&quot;,sans-serif">Is
                  this something that’s compatible with 5.00-2?</span></p>
              <p class="MsoNormal"><span
                  style="font-family:&quot;Arial&quot;,sans-serif"> </span></p>
              <p class="MsoNormal"><span
                  style="font-family:&quot;Arial&quot;,sans-serif">Thanks
                  in advance!</span></p>
            </div>
          </div>
        </div>
      </div>
    </blockquote>
    <br>
    <pre class="moz-signature" cols="72">Jules

-- 
Jules Field MEng CEng CITP MBCS MIEEE MACM
email+iMessage: <a class="moz-txt-link-abbreviated" href="mailto:Jules@ecs.soton.ac.uk">Jules@ecs.soton.ac.uk</a>
Twitter: @JulesFM

Senior Tutor, Electronics and Computer Science
Teaching Systems Manager, Faculty of Physical Sciences and Engineering
University of Southampton SO17 1BJ, UK

'That is the land of lost content,
 I see it shining plain,
 The happy highways where I went,
 And cannot come again.' - A.E. Houseman

</pre>
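    <p>The audit finding quoted above can be re-checked after an upgrade by inspecting the response headers. The following is an added example, not part of the original thread and not ZendTo code: it classifies a response's anti-framing headers, and the function names and sample header values are assumptions constructed for illustration.</p>

```python
# Added example (not ZendTo code): audit a response's anti-framing headers.
PROTECTIVE_XFO = {"deny", "sameorigin"}
PERMISSIVE_SOURCES = {"*", "http:", "https:"}  # any origin / any origin on a scheme


def frame_ancestors_lists(csp_value):
    """Yield the frame-ancestors source list of each policy in one header value."""
    for policy in csp_value.split(","):          # a header may carry several policies
        for directive in policy.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                yield [p.lower() for p in parts[1:]]
                break                             # first occurrence wins per policy


def framing_verdict(headers):
    """headers: list of (name, value) pairs; repeated header names are allowed.
    Returns (passes, reason)."""
    xfo, csp_lists = set(), []
    for name, value in headers:
        key = name.strip().lower()
        if key == "x-frame-options":
            xfo.update(v.strip().lower() for v in value.split(",") if v.strip())
        elif key == "content-security-policy":   # Report-Only is not enforced, so ignored
            csp_lists.extend(frame_ancestors_lists(value))
    # Every enforced policy applies, so one restrictive frame-ancestors is enough.
    for sources in csp_lists:
        if not PERMISSIVE_SOURCES.intersection(sources):
            return True, "CSP frame-ancestors " + (" ".join(sources) or "'none'")
    if len(xfo) == 1 and xfo.issubset(PROTECTIVE_XFO):
        return True, "X-Frame-Options " + next(iter(xfo)).upper()
    if xfo:
        # Obsolete (ALLOW-FROM) or mixed values: flag for cleanup, do not rely on them.
        return False, "unreliable X-Frame-Options: " + ", ".join(sorted(xfo))
    if csp_lists:
        return False, "CSP frame-ancestors allows any origin"
    return False, "no X-Frame-Options or CSP frame-ancestors header"


# Constructed sample responses (header values are assumptions, not captured traffic).
SAMPLES = {
    "as audited": [("Content-Type", "text/html; charset=utf-8")],
    "fixed": [("Content-Type", "text/html"), ("X-Frame-Options", "SAMEORIGIN")],
    "obsolete": [("X-Frame-Options", "ALLOW-FROM https://portal.example")],
    "csp": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, framing_verdict(hdrs))
```

    <p>Feed it the header pairs from any HTTP client; it needs to be run against every page type the application serves, since a header set on one route says nothing about the others.</p>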
  </body>
</html>