From: Greg M. <drk...@co...> - 2005-02-26 21:58:38
Shaun Murray wrote:
>
> On 26 Feb 2005, at 19:15, Greg Morgan wrote:
>
>> Matthew McNaney wrote:
>>
>>> Please download and untar in your phpwebsite installation directory.
>>> http://phpwebsite.appstate.edu/downloads/security/
>>> phpws_image_secure_patch.tgz
>>
>>
>> I thought there was another security release some time ago. Is it
>> time to release 0.10.1 with these patches and any other bug fixes
>> that have been accrued?
>
>
> I think the only changes in cvs since 0.10.0 have been these security
> changes and a template change in pagemaster so it would usually be a
> little early for a 0.10.1 release although it's perhaps important now
> for new users so that they don't install 0.10.0 without the security
> patch.
>
>
> Shaun
> aegis design - http://www.aegisdesign.co.uk

I am wondering what the best solution is based on the skill of some users in the forum? For example, even though there is information on unzipping modules and themes here

http://phpwebsite-comm.sourceforge.net/wiki/index.php?title=Third_Party_Module_Installation
http://phpwebsite-comm.sourceforge.net/wiki/index.php?title=Third_Party_Theme_Installation_Guide

I don't think many users will make the connection. If we say go to cvs for the updates and use this documentation

http://phpwebsite-comm.sourceforge.net/wiki/index.php?title=Maintenance_Guide

that may be too involved for most users. Saying please upgrade to this 0.10.1 security release using this documentation

http://phpwebsite-comm.sourceforge.net/wiki/index.php?title=Upgrade_Guide

may be the safest bet. Then again, why am I concerned about this? There are enough people that don't follow updates for the software they use that phpWebSite will still get the bad press for the problem even though there was a quick resolution by ASU.
Thankfully, we didn't have to wait for the commercial vendor 12 steps: denial of the issue, committee investigation of the issue, development of the mission statement concerning the issue, lower the risk of the issue, corporate spin doctoring the issue, the announcement that it will be with the next monthly patch, think about creating the patch, ...

Greg