
SoloHive Security Update
This is a quick but important security update.
If you are running a SoloHive instance, it is strongly recommended that you download the latest files from the repository and update your installation.
What Was Fixed
During testing, we discovered a vulnerability in post.html that could allow an attacker to manipulate the URL and display Hive posts from accounts outside of those configured for your SoloHive installation.
This vulnerability could expose both site owners and visitors to unauthorized or malicious content.
An attacker could potentially use this behavior to display phishing pages, scams, adult content, or other unwanted material through a Hive post. This could damage visitor trust, harm your site's reputation, and negatively impact search engine rankings.
The Fix
Additional validation checks have been added to ensure that only Hive content from accounts specified in config.js can be displayed.
All fixes have been tested and are functioning as intended.
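The kind of check described above, as an added example that is not SoloHive's own code: the config shape, the `author` and `permlink` query parameter names, and all function names are assumptions for illustration. It validates the requested account against the configured list before anything is fetched, and re-checks the author on the post that comes back.

```javascript
// Added example, not SoloHive's code. Config shape and the "author" /
// "permlink" query parameter names are assumptions for illustration.
const CONFIG = { accounts: ["dotw-hive", "Example.Account"] }; // constructed sample

// Conservative shape check for an account name (not the full Hive naming rules).
const ACCOUNT_SHAPE = /^[a-z][a-z0-9.-]{2,15}$/;

function normalizeAccount(raw) {
  if (typeof raw !== "string") return null;
  const name = raw.trim().replace(/^@/, "").toLowerCase();
  return ACCOUNT_SHAPE.test(name) ? name : null;
}

// Build the allowlist once, normalized the same way as the untrusted input.
function buildAllowlist(config) {
  return new Set(config.accounts.map(normalizeAccount).filter(Boolean));
}

// Decide whether a post.html URL may be rendered. Every failure path denies.
function resolvePostRequest(urlString, allowlist) {
  let url;
  try { url = new URL(urlString); } catch { return { ok: false, reason: "bad-url" }; }
  // Reject missing or repeated parameters so two parsers cannot disagree.
  const authors = url.searchParams.getAll("author");
  if (authors.length !== 1) return { ok: false, reason: "author-count" };
  const author = normalizeAccount(authors[0]);
  if (!author || !allowlist.has(author)) return { ok: false, reason: "author-not-allowed" };
  // Conservative permlink shape (assumption): lowercase letters, digits, hyphens.
  const permlink = url.searchParams.get("permlink") || "";
  if (!/^[a-z0-9-]{1,256}$/.test(permlink)) return { ok: false, reason: "bad-permlink" };
  return { ok: true, author, permlink };
}

// After fetching, render only if the API returned the post that was requested.
function postMatchesRequest(post, request) {
  return Boolean(post) && normalizeAccount(post.author) === request.author
    && post.permlink === request.permlink;
}
```
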
Files That Need To Be Updated
Please download the latest files from the SoloHive GitHub repository and update the following files:
app.js — No configuration changes are required.
config.js — Review and edit this file as needed for your installation.
Repository:
https://github.com/dotw-hive/SoloHive
Thank you to everyone testing SoloHive and helping improve the project's security and reliability.
Dudeontheweb
SoloHive GitHub Repository
Our GitHub repository is right here:
https://github.com/dotw-hive/SoloHive
You can check out a live demo that is set to my personal Hive account:
https://dotw-hive.github.io/SoloHive/