Improved security by always generating HTTPS URLs to Evernote services.Įvernote for Windows 6.15 beta 1 and 6.15 GAįixed an issue in versions 6.4 - 6.7 where the app would send authentication tokens over HTTP when contacting certain portions of the Evernote Service.
Improved NSConnection usage with NSProtocolChecker to protect the cross application IPC channel.įixed a stored cross site scripting (XSS) vulnerability in modified external web links.įixed a vulnerability in the protocol handler, specifically Evernote client installed on Windows 10, 7 or 2008 can be tricked in arbitrary command execution if the user clicks on a specially crafted URL.Įvernote for Windows 6.18 beta 2 and 6.17.7 GAįixed a stored cross site scripting (XSS) issue in rendering attachment filenames.Įvernote for Windows 6.16 beta 1 and 6.16 GA Evernote for Mac Ticket IdĪdded attribute to attachment files to prevent potential one click execution.įixed a regression and added the prompt before opening any file:// URIs.Įvernote for Mac 7.10 Beta 1 and 7.9.1 GAįixed a local file path traversal issue on attachment previewing.Īdded a prompt before opening any file:// URIs. To stay up-to-date with security patches, check back here or in our app release notes. Fixes released prior to this date do not appear.) (Note: Reporting began on March 1st, 2015. We'll update this page anytime we release an app that has a security update. Here you'll find a list of the most recent security bugs that we've fixed.
We proactively test our products for security issues and regularly squash bugs that could create vulnerabilities in our apps. It's important to us that your experience be both private and secure. Evernote makes products that are the go-to apps for millions of people worldwide accomplishing their most important work.
0 kommentar(er)
