[Cppcms-users] Released CppCMS 0.0.7 and 0.99.3: security bug fixes
Brought to you by:
artyom-beilis
|
From: Artyom <art...@ya...> - 2010-09-15 13:39:58
|
Hello All,
This release is security fix release for stable branch of CppCMS
and both security and feature release for CppCMS 1.x.x branch.
All users are encouraged to update to latest version.
If it is not possible to upgrade don't use "hmac" session backend, switch
to "aes" or server side session storage backend.
Changedlog 0.0.7
----------------
- Bugfix of hmac backend: generation of signature with too small block size
Changedlog 0.99.3
-----------------
Security:
- Bugfix of hmac backend: generation of signature with too small block size
Features:
- New version of Boost.Locale
- Added support of multiple hmac cookie signatures:
Built in: hmac-md5, hmac-sha1
With libgcrypt: hmac-sha224, hmac-sha256, hmac-sha384, hmac-sha512
By default hmac now uses sha1 instead of less secure md5
Bugs:
- Fixed memory leak in aes session encryptor
- Fixed incorrect testing of UTF-8 encoding
- Fixed missing attributes of some form widgets
- Fixed incorrect code generation in templates in certain cases,
- Fixed race condition when dispatch and context
assignment may happen not simulataniously
Artyom
|