The official blog on Trillian development.

Further information on recent vulnerabilities.

As mentioned in the last blog, we fixed 4 vulnerabilities in Trillian 3.1 with our new release. The links to the specific advisories are below:

All of these vulnerabilities have been addressed in version and we encourage everyone to upgrade to the latest version. We will be rolling out an auto-update for our existing customers shortly.

Special thanks to both the ZDI and iDefense teams for their assistance in reporting and resolving these issues; we’ve worked with a handful of vulnerability research firms in the past, and I can happily say that these folks are both top-notch researchers and extremely professional. We look forward to continuing our relationship with them both to ensure we bring you the most secure and error-free software possible!

6 Responses to “Further information on recent vulnerabilities.”
  1. Hertie Says:

    well, I’m using the Astra alpha as the native Trillian… er – maybe I should update the old one anyway… I hope the problem’s gone with the Alpha-PlugIns!

  2. Giolon Says:

    It’s great that you guys made this update, but you need to make it so that “Check for Updates” in 3.1 alerts users to its presence. Currently it does not.

  3. maunic Says:

    Good point Hertie … are these vulnerabilities being checked for in Astra now as well hopefully?

  4. y0himba Says:

    Heh. I just received the Full Disclosure Email on this :) Good Job Cerulean!

  5. Sustinance Says:

    I just installed the update. If you already have trillian installed, BACKUP YOUR DIRECTORY! The install overwrites all of your files and settings. :(

  6. Ashraful Says:

    Which means ZDI and iDefense are using Trillian too! :D