Topic: Plupload 1.5.4

Security fix: Disable scripting on swf loaded from another domain

We used to do: Security.allowDomain("*"); in Flash, so that it was possible for example to load swf from CDN and still script it. But recently we were told that this was quite a bad idea and could open doors for CSRF attack (thanks to Neal Poole and Nathan Partlan). We are commenting this line out now, but still leaving it in there, so that you could uncomment it and recompile if required. Change is small, but quite dramatic, however you should not worry if you never loaded swf shim from another domain. Otherwise be warned. Upgrade is recommended!

Flash: Disable scripting if swf was loaded from another domain.
If you want to see your issue fixed, do not report it here, do it on - GitHub.

Re: Plupload 1.5.4

Does this include subdomains? If I have my files on will it still work?

Re: Plupload 1.5.4

This very  workable .I use it my website .