From: Mark R. Evans <mevans@ec...> - 2009-07-06 19:10:49
The FCKeditor team has published a security update to address issues
highlighted in oCERT Advisory: #2009-007 FCKeditor input sanitization
All glFusion users are urged to apply the published updates to their
sites. The updates are available at:
The security advisory states there are input sanitization issues that
can lead to unauthorized files being uploaded to a site. The advisory
also points out several issues with the _samples directory included in
the standard FCKeditor distribution. glFusion *does not* include
these sample directories and it only includes the PHP file connector
from the FCKeditor distribution.
Please use the support forums at http://www.glfusion.org if you have
any questions or concerns.
The glFusion Team