Etherpad 1.2.9 fixes "massive security issue"
Etherpad Lite was recently security audited by Mozilla. The developers say the result of that audit was an urgent effort from them to fix "gaping loopholes" in the collaborative editor's security and, in turn, release version 1.2.9 of Etherpad Lite. Issues addressed include a major security problem where an attacker could submit content as another user and a problem with unescaped user input.
Calling the 1.2.9 version "the most secure version released", the developers point out they still have work to do as the latest patches have caused some issues with "user experience and import functionality". They say that "this shouldn't hold you back from updating", indicating that, even though they are lacking a security advisory and rating scheme, the issues are serious enough to update despite the flaws.