Typo 5.0.4 beta 2 is out, fixes a critical security vulnerability

Michael M. has discovered a critical vulnerability in Typo prior
to release 5.0.4.98.1 which may lead to arbitrary code execution and
privilege escalation on Typo blogs. Even though 5.0.4b1 was released
yesterday, this vulnerability is critical enough to make us release
5.0.4b2 today.

This release also fixes a bunch of bugs such as:
– Missing dependencies in the installer (thx Scott L. for pointing
this out)
– articles.rss and articles.atom bad naming.
– Bad unordered lists display on the new default theme.

You can download typo at
http://rubyforge.org/frs/?group_id=555&release_id=23488
or just update your gem.

Cheers,
Frédéric / neuro


Frédéric de Villamil
[email protected] tel: +33 (0)6 62 19 1337
http://fredericdevillamil.com Typo : http://typosphere.org

de Villamil Frédéric wrote:

> Michael M. has discovered a critical vulnerability in Typo prior
> to release 5.0.4.98.1 which may lead to arbitrary code execution and
> privilege escalation on Typo blogs. Even though 5.0.4b1 was released
> yesterday, this vulnerability is critical enough to make us release
> 5.0.4b2 today.

Hello, Frédéric! For those of us who are relatively new to Typo, is
there a “best practice” for upgrading an existing Typo-based blog?

–Michel R Vaillancourt
JKL-5 Telephony Services
“The center of your telephony service needs”

Phone: +1.514.907.9429
eMail: [email protected]
World Wide Web: http://www.jkl5group.com/support
