Dear colleagues, RIPE Database release 1.121.2 has just been released to the production environment. The only change from release 1.121.1 is a fix for a cross-site vulnerability affecting the Syncupdates service. We have removed support for the HTTP GET method in Syncupdates to update an object using a URL-encoded object. Now we only support the POST method. This helps to protect the RIPE database from Cross-Site Scripting (XSS) exploits, and the GET method was rarely used (the last update was in mid-January). We are following our internal Vulnerability Management policy remediation timelines and therefore not waiting for the normal release cycle. Regards Ed Shryane RIPE NCC