Forum: Typo Typo 5.0.4 beta 2 is out, fixes a critical security vulnerability

de Villamil Frédéric (Guest)
on 2008-07-01 00:02
(Received via mailing list)
Michael Morin has discovered a critical vulnerability in Typo prior
to release 5.0.4.98.1 which may lead to arbitrary code execution and
privilege escalation on Typo blogs. Even though 5.0.4b1 was released
yesterday, this vulnerability is critical enough to make us release
5.0.4b2 today.

This release also fixes a bunch of bugs such as:
– Missing dependencies in the installer (thx Scott Likens for pointing
this out)
– articles.rss and articles.atom bad naming.
– Bad unordered lists display on the new default theme.

You can download Typo at
http://rubyforge.org/frs/?group_id=555&release_id=23488
or just update your gem.

Cheers,
Frédéric / neuro

--
Frédéric de Villamil
frederic@de-villamil.com                        tel: +33 (0)6 62 19 1337
http://fredericdevillamil.com             Typo : http://typosphere.org
Michel R Vaillancourt (Guest)
on 2008-07-01 18:37
(Received via mailing list)
de Villamil Frédéric wrote:
> Michael Morin has discovered a critical vulnerability in Typo prior
> to release 5.0.4.98.1 which may lead to arbitrary code execution and
> privilege escalation on Typo blogs. Even though 5.0.4b1 was released
> yesterday, this vulnerability is critical enough to make us release
> 5.0.4b2 today.
Hello, Frédéric! For those of us who are relatively new to Typo, is
there a "best practice" for upgrading an existing Typo-based blog?

--

  --Michel R Vaillancourt
  JKL-5 Telephony Services
  "The center of your telephony service needs"

  Phone:  +1.514.907.9429
  eMail:  support@jkl5group.com
  World Wide Web:  http://www.jkl5group.com/support