Nulvas

Posts posted by Nulvas

  1. The related report:

    http://www.securityweek.com/command-injection-vulnerability-found-bittorrent-sync

    “The vulnerability relates to how BitTorrent Sync handles URLs with the btsync protocol. By navigating the user to a specially formed link starting with btsync:, an attacker can inject arbitrary command line parameters that will be passed to BTSync.exe. An attacker can leverage this vulnerability to execute code under the context of the current user,” ZDI wrote in its advisory.

  2. Just registered to post this.

    I have a rather special use case of BT Sync. A number of blogs battling online censorship are using BT Sync folders to distribute censorship-circumventing software and banned books anonymously. For readers' convenience they are categorized and divided into different folders, since the total size is a bit overwhelming.

    I have read about the difference between the 1.4 folders and the 2.0 folders, and how 2.0 folders are based on the new identity. Since 2.0 still supports 1.4 folders, I pledge, at least make those unlimited. Otherwise we would just be using 1.4 and not bother upgrading altogether.