[Webcalendar-announce] WebCalendar 1.0.2 released
Brought to you by:
cknudsen
From: Craig K. <cr...@k5...> - 2005-12-08 14:10:05
|
In response to the recent security vulnerabilities published about WebCalendar, version 1.0.2 has been released. Download https://sourceforge.net/project/showfiles.php?group_id=3870&package_id=3844&release_id=376489 <https://sourceforge.net/project/showfiles.php?group_id=3870&package_id=3844&release_id=376489> Upgrading There are no database changes from 1.0.1. So, you can just unzip on top of your 1.0.1 files to upgrade. (It's always a good idea to make a backup before doing so.) What's New in 1.0.2 * Fixed vuln in layers: published vulnerability in layers_toggle.php was fixed * Security fixes: fixes for activity_log.php, export_handler.php, edit_template.php, pref_handler.php and admin_handler.php that deal with SQL Injection * Fixed bug 1349621: Information disclosure vulnerability on failed login * Fixed bug 1353363: publish.php logic error for public user? * Fixed bug 1328589: typo in del_entry for read-only calendars. * Added new time range options for reports: next 14/30/60/90/180/365 days. This allows reports to show events starting with current date * Fixed bug: undefined variable warning in export_handler.php * Fixed the following bug reports on SourceForge: o 1296294: Javascript error when saving with empty description on IE o 1265575: Bug in get_all_dates() * Other bugs fixed: o Added Romanian, Turkish, Welsh to config.php in places where they were missing * The following translations were updated: Czech, German, Polish Help/Questions Post any questions about the new release to the Help/Troubleshooting forum on SourceForge: https://sourceforge.net/forum/forum.php?forum_id=11588 |