gngr v0.1.0, security fix & layout improvements
by Thu, 25 Dec 2014on
A new version of gngr is available (version 0.1.0) with an important security fix and a major improvement to CSS layout. We strongly recommend an update. The release is available from the download page.
Fix for file:// vulnerability
In v0.0.0 it was possible for a website to access the contents of the gngr user's profile directory (~/.gngr/default) through file:// URLs. No other directories/files were accessible.
Since the profile directory contains the cookie database, this is a critical vulnerability!
To mitigate, we have disabled all protocols except `http`, `https` and `data`.
Support for the `display:inline-block` CSS rule
gngr learnt to layout inline-blocks which are widely-used.