Michael Morin has discovered a critical vulnerability in Typo prior to release 5.0.4.98.1 which may lead to arbitrary code execution and privilege escalation on Typo blogs. Even though 5.0.4b1 was released yesterday, this vulnerability is critical enough to make us release 5.0.4b2 today.

This release also fixes a bunch of bugs such as:

- Missing dependencies in the installer (thx Scott Likens for pointing this out)
- articles.rss and articles.atom bad naming.
- Bad unordered lists display on the new default theme.

You can download typo at http://rubyforge.org/frs/?group_id=555&release_id=23488 or just update your gem.

Cheers,
Frédéric / neuro

--
Frédéric de Villamil
frederic@de-villamil.com tel: +33 (0)6 62 19 1337
http://fredericdevillamil.com Typo : http://typosphere.org
on 2008-07-01 00:02
on 2008-07-01 18:37
de Villamil Frédéric wrote:
> Michael Morin has discovered a critical vulnerability in Typo prior
> to release 5.0.4.98.1 which may lead to arbitrary code execution and
> privilege escalation on Typo blogs. Even though 5.0.4b1 was released
> yesterday, this vulnerability is critical enough to make us release
> 5.0.4b2 today.

Hello, Frédéric!

For those of us who are relatively new to Typo, is there a "best practice" for upgrading an existing Typo-based blog?

--
--Michel R Vaillancourt
JKL-5 Telephony Services
"The center of your telephony service needs"
Phone: +1.514.907.9429
eMail: support@jkl5group.com
World Wide Web: http://www.jkl5group.com/support