[openupload-devel] IMPORTANT: OpenUpload v0.4.2 release
From: Alessandro B. <ts...@br...> - 2010-11-20 11:25:20
Hi all,

I have just released v0.4.2 of OpenUpload.

It should fix a security flaw which allows XSS scripting to be injected in the fields (especially the logs), which was discovered by BatMat (thanks for reporting).

I plan to use a better approach in v0.5 but for now it should work.

If any of you finds more such bugs, please report them.

Alessandro

----------------

Here are the notes on how to upgrade (as found in the release UPGRADE file):

IMPORTANT

Before any upgrade be sure to have a backup of the database and the configuration.

FROM v0.4.1 TO v0.4.2

1. Replace all files in the following files and directories (www/config.inc.php does not need to be touched):

   * www
   * templates
   * lib
   * locale
   * plugins

   You might need to reapply changes to the templates if you made any.

2. Connect to your openupload installation and login as administrator: http://<yourserver>/<openupload>/

3. Go to the administration page

4. Follow the "Upgrade to v0.4.2" link

5. IMPORTANT: check your logs for any error