So anyway, this is the end of the summer. I realise very little happened on the KCast/Trout front over summer, however, I have just uploaded a little update to KCast in CVS which lets you use the downsampling feature of Trout from within KCast. Basically you need lame for it to work, but you can tell it to downsample all your MP3s on the fly so you can have a fixed, constant output bitrate even if your MP3s come in various shapes and sizes.... read more
A major security risk was discovered in trout, so therefore kcast, this allowed the poison null byte problem to be used in combination with the HTML serving of trout to gain read and write access to any file within hte permissions of the user trout/kcast was run as.
This has been correct now, (kcast versions > 1.1 are fixed, as is the trout html.pl file if its cvs version is > 1.1)
If you had used the disable HTML option in kcast 1.1 then you should be safe, and with the latest version of kcast (1.2) you should be safe even if it is enabled.