From: Thomas Waldmann <tw-public@gm...> - 2010-02-01 08:54:38
in case you're wondering, I recently got some very useful feedback from
a japanese guy currently doing MoinMoin security research - he found 3
critical issues yet.
If you are interested in moin security, please read (and subscribe to):
One of the issues he found was fixed in 1.9.1 release (only affects 1.9
installations), we are currently working on the more recent 2 issues
(which affect all moin versions >=1.5).
Likely this will lead to new 1.9 and 1.8 releases, please install them
as soon as they are available. We also will patch 1.7 (for some popular
linux distributions still having moin 1.7 packages), but considering the
easy upgrade from 1.7 to 1.8, there won't be a new 1.7 release.
Please note that details about what the issues exactly are and how they
could be exploited are intentionally not given NOW, to give developers,
package maintainers and site administrators time to fix stuff.
Please use the time. If you are running something that's not up-to-date,
upgrade to latest 1.8.x or 1.9.x NOW and follow the SecurityFixes page.
1.8.x is still maintained for people who don't want to deal with WSGI
stuff right now. If that's not an issue for you, please upgrade to
Get latest updates about Open Source Projects, Conferences and News.