From: Honza M. <hon...@ec...> - 2014-02-19 17:15:16
|
Hi all, Gert Steenssens found SQL INJECTION problem in our SQL permission system, which were there for a long time from its beginning phase. All systems, which uses SQL based permission system should be updated (see the line define("PERM_LIB", "sql") in your config.php3 script). The systems which uses LDAP permission system are not affected. The database structure is stable for quite a long time, so any update from Subversion should be quite easy - just type: svn update The current AA in SVN works well with PHP 5.3, 5.4 and 5.5 and MySQL >= 5.0 (or MariaDB). Thanks Gert for the report, Honza |