Phoenix 1.3, 1.4, 1.5, and 1.6 security releases for wildcard check_origin vulnerability

If you upgrade, you must not change the pattern to "//*..other.com". Doing so means it would allow foo..other.com but not foo.other.com.

7 Likes