During the process of an external pentest and a few independent security researchers, we have identified and patched another potential security vulnerability in Hudu.
Please take the following precautions:
All hosted instances should be updated to the latest version by tonight.
Hudu is currently in the process of a external, third-party pentest with results that will be shared publicly. We are also changing our external pentesting framework to happen 2-3 times a year, with results available publicly.
We also have a new Vulnerability Disclosure Program for independent security researchers who would like to help the Hudu community at large: https://support.usehudu.com/hc/en-us/articles/5680076300567-Hudu-Vulnerability-Disclosure-Program