From aaf4ee77fb9af7b2c8923d879f10dd95213816eb Mon Sep 17 00:00:00 2001
From: ppoffice <ppoffice@users.noreply.github.com>
Date: Sat, 12 Sep 2020 11:56:26 -0400
Subject: [PATCH] chore(docs): warn user about Valine vulnerability

---
 source/_posts/demo/comment/Valine.md   |  8 ++++++++
 source/_posts/en/Comment-Plugins.md    | 10 ++++++++++
 source/_posts/zh-CN/Comment-Plugins.md | 10 ++++++++++
 3 files changed, 28 insertions(+)

diff --git a/source/_posts/demo/comment/Valine.md b/source/_posts/demo/comment/Valine.md
index 4b3ed13..4a663f3 100644
--- a/source/_posts/demo/comment/Valine.md
+++ b/source/_posts/demo/comment/Valine.md
@@ -23,3 +23,11 @@ Please report your issues with this plugin to
 <a href="https://github.com/ppoffice/hexo-component-inferno">ppoffice/hexo-component-inferno</a>.
 </div>
 </article>
+
+<article class="message message-immersive is-danger">
+<div class="message-body">
+<i class="fas fa-exclamation-triangle mr-2"></i>A vulnerability has been found in Valine that the
+comment service exposes IP addresses of all commenters (<a href="https://github.com/xCss/Valine/issues/336" target="_blank" rel="noopener">xCss/Valine#336</a>). Please use alternative comment
+services until this issue has been fixed.
+</div>
+</article>
diff --git a/source/_posts/en/Comment-Plugins.md b/source/_posts/en/Comment-Plugins.md
index 236fd5f..6296288 100644
--- a/source/_posts/en/Comment-Plugins.md
+++ b/source/_posts/en/Comment-Plugins.md
@@ -446,6 +446,16 @@ However, unlike the other services, Isso requires a web host for running the Iss
 <strong>Installation Guide</strong><a class="tag is-success ml-2" href="{% post_path demo/comment/Valine %}">Preview</a>
 </div>
 
+<br>
+
+<article class="message message-immersive is-danger">
+<div class="message-body">
+<i class="fas fa-exclamation-triangle mr-2"></i>A vulnerability has been found in Valine that the
+comment service exposes IP addresses of all commenters (<a href="https://github.com/xCss/Valine/issues/336" target="_blank" rel="noopener">xCss/Valine#336</a>). Please use alternative comment
+services until this issue has been fixed.
+</div>
+</article>
+
 1. Create a LeanCloud application following the [Quickstart guide](https://valine.js.org/quickstart.html).
 
 2. Copy the "App ID" and "App Key" of your LeanCloud application to the corresponding settings in the theme 
diff --git a/source/_posts/zh-CN/Comment-Plugins.md b/source/_posts/zh-CN/Comment-Plugins.md
index f94f341..14dbbdd 100644
--- a/source/_posts/zh-CN/Comment-Plugins.md
+++ b/source/_posts/zh-CN/Comment-Plugins.md
@@ -443,6 +443,16 @@ providers:
 <strong>安装指南</strong><a class="tag is-success ml-2" href="{% post_path demo/comment/Valine %}">在线预览</a>
 </div>
 
+<br>
+
+<article class="message message-immersive is-danger">
+<div class="message-body">
+<i class="fas fa-exclamation-triangle mr-2"></i>有用户发现一个存在于Valine评论插件的漏洞会导致此评论服务暴露所有评论者的
+IP地址 (<a href="https://github.com/xCss/Valine/issues/336" target="_blank" rel="noopener">xCss/Valine#336</a>)。
+请在此漏洞修复之前换用其他评论服务。
+</div>
+</article>
+
 1. 按照[快速开始文档](https://valine.js.org/quickstart.html)创建LeanCloud应用。
 
 2. 将你LeanCloud应用的”App ID“和”App Key“复制到主题配置的对应配置项中。