Quick Security Update

A few people have been asking about a post that was published yesterday by a security researcher who helped us fix a bug in March. Here is some additional background information:

On March 10th, we received notification that, in some cases, our HTML sanitizer was not removing onclick event handlers on buttons that could be included in blog posts. The dev team looked at the issue, repaired it and deployed a fix to our servers within 24 hours. This was a server bug, so as soon as we deployed the fix to the server, all the apps and the web client were repaired – no user action required.
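The class of bug described above (an event-handler attribute surviving on one particular tag) is typically avoided with an attribute allowlist applied per tag, so that `onclick` is dropped everywhere simply because it is never listed. The following is an added sketch of that approach, not feedly's sanitizer code; the tag and attribute lists and the sample markup are assumptions made for the example.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist for this sketch (tag -> permitted attributes).
ALLOWED = {
    "p": set(), "b": set(), "i": set(), "em": set(), "strong": set(), "br": set(),
    "button": {"type"}, "a": {"href", "title"}, "img": {"src", "alt"},
}
VOID = {"br", "img"}                      # tags with no closing tag
DROP_WITH_CONTENT = {"script", "style"}   # drop the tag and its text
SAFE_SCHEMES = ("http://", "https://")
# Constructed sample input, not taken from the reported issue.
SAMPLE = '<p>Hi</p><button type="button" onclick="handler()">Go</button>'

class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0       # skip = depth inside script/style

    def handle_starttag(self, tag, attrs):  # tag/attr names arrive lowercased
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
            return
        if self.skip or tag not in ALLOWED:
            return                        # unknown tag dropped, its text kept
        kept = []
        for name, value in attrs:
            value = (value or "").strip()
            if name not in ALLOWED[tag]:  # on* handlers are never allowlisted
                continue
            if name in ("href", "src") and not value.lower().startswith(SAFE_SCHEMES):
                continue                  # rejects javascript:, data:, etc.
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED and tag not in VOID:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

def sanitize(html):
    s = Sanitizer()
    s.feed(html)
    s.close()
    return "".join(s.out)
```

A regression test for a fix like the one described would assert on each allowed tag in turn that no `on*` attribute survives, rather than testing a single tag.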

We are not aware of any user being affected by the issue. Note: articles are loaded in a webview sandbox, so there is not much any malicious code could have actually done – besides redirecting you to another site or changing some of your feedly preferences.

We are lucky to have security researchers within the feedly community. As such, from time to time we receive bug reports at security@feedly.com. Our policy is to fix these bugs (even the harmless ones) within 24 hours whenever possible. As part of this process, we offer the person who reported the bug a lifetime feedly Pro account.

The process worked well in this case and we are very thankful to Jeremy for helping make feedly safer.

Happy, safe reading.



Author: @feedly
