+See also cautions.rst_.
+
+.. _cautions.rst: file:cautions.rst
+
============
Known Issues
============
.. _the "historical known issues" document: historical/historical_known_issues.txt
-Known Issues in Tahoe-LAFS v1.9.1, released 12-Jan-2012
-=======================================================
+Known Issues in Tahoe-LAFS v1.9.2, released 3-Jul-2012
+======================================================
* `Unauthorized access by JavaScript in unrelated files`_
* `Disclosure of file through embedded hyperlinks or JavaScript in that file`_
version of this file stated that Firefox had abandoned their phishing
filter; this was incorrect.
-.. _a brief description of their filter's operation: http://blogs.msdn.com/ie/archive/2005/09/09/463204.aspx
-.. _"safe browsing API": http://code.google.com/apis/safebrowsing/
-.. _specification: http://code.google.com/p/google-safe-browsing/wiki/Protocolv2Spec
+.. _a brief description of their filter's operation: https://blogs.msdn.com/ie/archive/2005/09/09/463204.aspx
+.. _"safe browsing API": https://code.google.com/apis/safebrowsing/
+.. _specification: https://code.google.com/p/google-safe-browsing/wiki/Protocolv2Spec
.. _Firefox bugzilla ticket #368255: https://bugzilla.mozilla.org/show_bug.cgi?id=368255
A person could learn the storage index of a file in several ways:
-1. By being granted the authority to read the immutable file—i.e. by being
+1. By being granted the authority to read the immutable file: i.e. by being
granted a read capability to the file. They can determine the file's
storage index from its read capability.
longer vulnerable to this problem.
Note that the issue is local to each storage server independently of other
-storage servers—when you upgrade a storage server then that particular
+storage servers: when you upgrade a storage server then that particular
storage server can no longer be tricked into deleting its shares of the
target file.
If you can't immediately upgrade your storage server to a version of
Tahoe-LAFS that eliminates this vulnerability, then you could temporarily
shut down your storage server. This would of course negatively impact
-availability—clients would not be able to upload or download shares to that
-particular storage server while it was shut down—but it would protect the
-shares already stored on that server from being deleted as long as the server
-is shut down.
+availability -- clients would not be able to upload or download shares to
+that particular storage server while it was shut down -- but it would protect
+the shares already stored on that server from being deleted as long as the
+server is shut down.
If the servers that store shares of your file are running a version of
Tahoe-LAFS with this vulnerability, then you should think about whether