Security issue in .apkg imports from third party sources on Anki <2.0.47

Damien Elmes's Avatar

Damien Elmes

16 Aug, 2017 12:34 PM

Hi all,

I have just released 2.0.47. It fixes an issue that could allow a specially crafted .apkg file to write files outside the media folder during import. AnkiWeb shared decks were not affected, but upgrading is strongly recommended if you import .apkg files from third party sources. A big thanks to David Bailey for discovering this issue.

Download from https://apps.ankiweb.net

  1. Damien Elmes closed this discussion on 17 Aug, 2017 01:31 AM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac