<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Ryan,<br>
<br>
Many thanks for reporting this one.<br>
<br>
I have added a fix that will be in version 5.01.<br>
<br>
Thanks!<br>
Jules.<br>
<br>
<div class="moz-cite-prefix">On 02/02/2018 5:56 pm, Ryan Stepalavich
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CA+StwpKc7n3rPXr2juvnnUXi1Sc774eru_MsFEomzL1_aenqrw@mail.gmail.com">
<div>
<div class="gmail_quote">
<div><span style="font-family:Arial,sans-serif">Hi everybody,</span><br>
</div>
<div link="#0563C1" vlink="#954F72" lang="EN-US">
<div class="m_-5712774021550482680WordSection1">
<p class="MsoNormal"><span
style="font-family:Arial,sans-serif">We
just got our latest audit in and found a cross-frame
scripting vulnerability in ZendTo.</span></p>
<p class="MsoNormal"><span
style="font-family:Arial,sans-serif">“it
is possible to load application pages in an external
frame. The application's response data does not set a
suitable X-Frame-Options header or use other measures
in order to prevent framing attacks.”</span></p>
<p class="MsoNormal"><span
style="font-family:Arial,sans-serif"><a
href="https://coderwall.com/p/kdv1hw/prevent-rendering-your-page-inside-an-iframe-using-x-frame-options"
target="_blank" moz-do-not-send="true">https://coderwall.com/p/kdv1hw/prevent-rendering-your-page-inside-an-iframe-using-x-frame-options</a></span></p>
<p class="MsoNormal"><span
style="font-family:Arial,sans-serif">Is
this something that’s compatible with 5.00-2?</span></p>
<p class="MsoNormal"><span
style="font-family:Arial,sans-serif">Thanks
in advance!</span></p>
</div>
</div>
</div>
</div>
<br>
<br>
<pre wrap="">_______________________________________________
ZendTo mailing list
<a class="moz-txt-link-abbreviated" href="mailto:ZendTo@zend.to">ZendTo@zend.to</a>
<a class="moz-txt-link-freetext" href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto">http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto</a></pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">Jules
--
Jules Field MEng CEng CITP MBCS MIEEE MACM
email+iMessage: <a class="moz-txt-link-abbreviated" href="mailto:Jules@ecs.soton.ac.uk">Jules@ecs.soton.ac.uk</a>
Twitter: @JulesFM
Senior Tutor, Electronics and Computer Science
Teaching Systems Manager, Faculty of Physical Sciences and Engineering
University of Southampton SO17 1BJ, UK
'That is the land of lost content,
I see it shining plain,
The happy highways where I went,
And cannot come again.' - A.E. Housman
</pre>
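<p>Added example, not part of this thread and not ZendTo's fix: a Python check that can be run over a response's headers to confirm whether the audit finding quoted above (no X-Frame-Options header and no other anti-framing measure) still applies. It goes slightly beyond the report by also accepting a CSP frame-ancestors directive as the "other measure"; the function names and the sample header sets are constructed for illustration.</p>

```python
# Added example: header sets below are constructed, not captured from ZendTo.
BROAD = {"*", "http:", "https:"}  # sources that let arbitrary sites frame the page


def frame_ancestors(policy):
    """Source list of the first frame-ancestors directive in one CSP policy, else None."""
    for directive in policy.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None


def framing_verdict(headers):
    """headers: (name, value) pairs of one response. Returns (protected, reason)."""
    xfo, lists = set(), []
    for name, value in headers:
        key = name.strip().lower()
        if key == "x-frame-options":
            xfo |= {v.strip().upper() for v in value.split(",") if v.strip()}
        elif key == "content-security-policy":  # Report-Only is not enforced, so skipped
            for policy in value.split(","):  # a comma separates several policies
                sources = frame_ancestors(policy)
                if sources is not None:
                    lists.append(sources)
    if lists:
        # Browsers that enforce frame-ancestors ignore X-Frame-Options, so judge CSP alone.
        # All policies apply together, so one restrictive list is enough.
        for sources in lists:
            if sources and not BROAD & set(sources):
                return True, "csp frame-ancestors " + " ".join(sources)
        return False, "csp frame-ancestors is not restrictive"
    if xfo in ({"DENY"}, {"SAMEORIGIN"}):
        return True, "x-frame-options " + xfo.pop()
    if xfo:  # ALLOW-FROM, typos or conflicting values: flag for review
        return False, "x-frame-options unusable: " + ", ".join(sorted(xfo))
    return False, "no anti-framing header"


SAMPLES = {  # constructed responses
    "as reported": [("Content-Type", "text/html")],
    "sameorigin": [("X-Frame-Options", "SAMEORIGIN")],
    "allow-from": [("X-Frame-Options", "ALLOW-FROM https://portal.example")],
    "csp wins": [("X-Frame-Options", "DENY"),
                 ("Content-Security-Policy", "default-src 'self'; frame-ancestors *")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, framing_verdict(hdrs))
```

<p>The "csp wins" sample is reported as unprotected even though it sends X-Frame-Options: DENY, because a permissive frame-ancestors directive is what a CSP-enforcing browser acts on.</p>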
</body>
</html>