github
/
hexo-theme-icarus
mirror of https://github.com/ppoffice/hexo-theme-icarus
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

chore(docs): warn user about Valine vulnerability

pull/832/head
ppoffice 2020-09-12 11:56:26 -04:00
parent 8b8466afe0
commit aaf4ee77fb
No known key found for this signature in database
GPG Key ID: B33335481CC0D498
3 changed files with 28 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
source/_posts/demo/comment/Valine.md
View File

@ -23,3 +23,11 @@ Please report your issues with this plugin to
<a href="https://github.com/ppoffice/hexo-component-inferno">ppoffice/hexo-component-inferno</a>. <a href="https://github.com/ppoffice/hexo-component-inferno">ppoffice/hexo-component-inferno</a>.
</div> </div>
</article> </article>
<article class="message message-immersive is-danger">
<div class="message-body">
<i class="fas fa-exclamation-triangle mr-2"></i>A vulnerability has been found in Valine that the
comment service exposes IP addresses of all commenters (<a href="https://github.com/xCss/Valine/issues/336" target="_blank" rel="noopener">xCss/Valine#336</a>). Please use alternative comment
services until this issue has been fixed.
</div>
</article>

10
source/_posts/en/Comment-Plugins.md
View File

@ -446,6 +446,16 @@ However, unlike the other services, Isso requires a web host for running the Iss
<strong>Installation Guide</strong><a class="tag is-success ml-2" href="{% post_path demo/comment/Valine %}">Preview</a> <strong>Installation Guide</strong><a class="tag is-success ml-2" href="{% post_path demo/comment/Valine %}">Preview</a>
</div> </div>
<br>
<article class="message message-immersive is-danger">
<div class="message-body">
<i class="fas fa-exclamation-triangle mr-2"></i>A vulnerability has been found in Valine that the
comment service exposes IP addresses of all commenters (<a href="https://github.com/xCss/Valine/issues/336" target="_blank" rel="noopener">xCss/Valine#336</a>). Please use alternative comment
services until this issue has been fixed.
</div>
</article>
1. Create a LeanCloud application following the [Quickstart guide](https://valine.js.org/quickstart.html). 1. Create a LeanCloud application following the [Quickstart guide](https://valine.js.org/quickstart.html).
2. Copy the "App ID" and "App Key" of your LeanCloud application to the corresponding settings in the theme 2. Copy the "App ID" and "App Key" of your LeanCloud application to the corresponding settings in the theme

10
source/_posts/zh-CN/Comment-Plugins.md
View File

@ -443,6 +443,16 @@ providers:
<strong>安装指南</strong><a class="tag is-success ml-2" href="{% post_path demo/comment/Valine %}">在线预览</a> <strong>安装指南</strong><a class="tag is-success ml-2" href="{% post_path demo/comment/Valine %}">在线预览</a>
</div> </div>
<br>
<article class="message message-immersive is-danger">
<div class="message-body">
<i class="fas fa-exclamation-triangle mr-2"></i>有用户发现一个存在于Valine评论插件的漏洞会导致此评论服务暴露所有评论者的
IP地址 (<a href="https://github.com/xCss/Valine/issues/336" target="_blank" rel="noopener">xCss/Valine#336</a>)。
请在此漏洞修复之前换用其他评论服务。
</div>
</article>
1. 按照[快速开始文档](https://valine.js.org/quickstart.html)创建LeanCloud应用。 1. 按照[快速开始文档](https://valine.js.org/quickstart.html)创建LeanCloud应用。
2. 将你LeanCloud应用的”App ID“和”App Key“复制到主题配置的对应配置项中。 2. 将你LeanCloud应用的”App ID“和”App Key“复制到主题配置的对应配置项中。