github
/
hexo-theme-icarus
mirror of https://github.com/ppoffice/hexo-theme-icarus
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

chore(docs): warn user about Valine vulnerability

pull/832/head
ppoffice 2020-09-12 11:56:26 -04:00
parent 8b8466afe0
commit aaf4ee77fb
No known key found for this signature in database
GPG Key ID: B33335481CC0D498
3 changed files with 28 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
source/_posts/demo/comment/Valine.md
View File

@ -23,3 +23,11 @@ Please report your issues with this plugin to
<a href="https://github.com/ppoffice/hexo-component-inferno">ppoffice/hexo-component-inferno</a>.
</div>
</article>
<article class="message message-immersive is-danger">
<div class="message-body">
<i class="fas fa-exclamation-triangle mr-2"></i>A vulnerability has been found in Valine that the
comment service exposes IP addresses of all commenters (<a href="https://github.com/xCss/Valine/issues/336" target="_blank" rel="noopener">xCss/Valine#336</a>). Please use alternative comment
services until this issue has been fixed.
</div>
</article>

10
source/_posts/en/Comment-Plugins.md
View File

@ -446,6 +446,16 @@ However, unlike the other services, Isso requires a web host for running the Iss
<strong>Installation Guide</strong><a class="tag is-success ml-2" href="{% post_path demo/comment/Valine %}">Preview</a>
</div>
<br>
<article class="message message-immersive is-danger">
<div class="message-body">
<i class="fas fa-exclamation-triangle mr-2"></i>A vulnerability has been found in Valine that the
comment service exposes IP addresses of all commenters (<a href="https://github.com/xCss/Valine/issues/336" target="_blank" rel="noopener">xCss/Valine#336</a>). Please use alternative comment
services until this issue has been fixed.
</div>
</article>
1. Create a LeanCloud application following the [Quickstart guide](https://valine.js.org/quickstart.html).
2. Copy the "App ID" and "App Key" of your LeanCloud application to the corresponding settings in the theme

10
source/_posts/zh-CN/Comment-Plugins.md
View File

@ -443,6 +443,16 @@ providers:
<strong>安装指南</strong><a class="tag is-success ml-2" href="{% post_path demo/comment/Valine %}">在线预览</a>
</div>
<br>
<article class="message message-immersive is-danger">
<div class="message-body">
<i class="fas fa-exclamation-triangle mr-2"></i>有用户发现一个存在于Valine评论插件的漏洞会导致此评论服务暴露所有评论者的
IP地址 (<a href="https://github.com/xCss/Valine/issues/336" target="_blank" rel="noopener">xCss/Valine#336</a>)。
请在此漏洞修复之前换用其他评论服务。
</div>
</article>
1. 按照[快速开始文档](https://valine.js.org/quickstart.html)创建LeanCloud应用。
2. 将你LeanCloud应用的”App ID“和”App Key“复制到主题配置的对应配置项中。