Impact
Once thumbnails are enabled, the contents of a remote are available to an attacker on the local network while the user is actively browsing that remote. This is classified as high but not critical: it could be discovered and crawled by an automated tool, but doing so requires discovering a non-standard port on a non-default configuration.
Patches
The issue has been patched as of 1.9.0. Users should upgrade to the newest release available.
Workarounds
Disable "Show Thumbnails" in Settings > General.
References
Security Notice 201901