Saturday, September 27, 2008

RestrainedLife 1.12.6


This is a security update following the one issued by Linden Lab on 09/26/2008. Check the following link for details :

The security update is not mandatory, but strongly recommended.

In short, the older viewer (and the older version of the server-side code) were allowing an exploit that could eventually lead to give someone else the ability to make YOUR viewer send messages, such as L$ transfers, fake IMs etc. But don't panic, the exploit is not known to have been ever used, as if it had the victims would have been aware of it (since the messages are sent through your viewer). It required some really tight circumstances to allow the attack, but the risk was there.

Now that LL has updated their server-side code, they have also released their client-side code (oh sorry, I meant "the viewer source code"), so here is the latest RestrainedLife viewer including this security fix.

First download the regular SL viewer (v1.20.16) here :

... then download the latest version of the RL viewer (v1.12.6) there :

Keep in mind that the older RL viewer (v1.12.15) is not compatible with the current SL release (v1.20.16). If you attempt to use both at the same time, your viewer will hang.