gngr v0.1.0, security fix & layout improvements

by hrj on Thu, 25 Dec 2014

A new version of gngr is available (version 0.1.0) with an important security fix and a major improvement to CSS layout. We strongly recommend an update. The release is available from the download page.


Fix for file:// vulnerability

In v0.0.0 it was possible for a website to access the contents of the gngr user's profile directory (~/.gngr/default) through file:// URLs. No other directories/files were accessible.

Since the profile directory contains the cookie database, this is a critical vulnerability!

To mitigate, we have disabled all protocols except `http`, `https` and `data`.

Support for the `display:inline-block` CSS rule

gngr learnt to layout inline-blocks which are widely-used.

Back to blog home.