Menu
▾
▴
Re: [Phpwiki-talk] 1.3.9 security fixes and 1.3.7
|
From: Reini U. <ru...@x-...> - 2004-05-10 13:23:10
|
Matthew Palmer schrieb: > On Mon, May 10, 2004 at 12:32:53PM +0200, Reini Urban wrote: >>Matthew Palmer schrieb: >> >>>Do any of the fixes in 1.3.9p1 fix security problems which were introduced >>>before or in 1.3.7? The conglomerate patch provided isn't real easy to >>>work out. >> >>No. > > Thanks for confirming that. Had a user who was worried about it, and it's > always better safe than sorry. BTW, to which security problems did he refer to? Most old 1.3.7 and 1.3.4 bugs are closed now. These ARE fixed. See the sf.net bugs page. >>problems fixed with 1.3.9p1 which also affected 1.3.7: >>* set UserPreferences for bool and int fixed >>* dba open problems improved >>* php-4.0.6 support re-enabled (superglobals,array_key_exists) >>* PageGroup support for [links] and subpages >> >>BTW: As soom as some pending InlineParser problems (still minor ones) >>are fixed, I'll roll out another release. > > I think I'll hold off packaging another phpwiki release until 1.3.10, then. I think most problems are now resolved. The only pending problem TBD is CreateToc. So I think 1.3.10 will be out by tomorrow. This will not include all of my initial goals. http://phpwiki.sourceforge.net/phpwiki?DevelopmentBranch But since the 1.3.9-p1 patches aren't really easy to apply (didn't see that the registered websites did that) I better bring out a tested stable release with 80% of the planned features, and do the rest in a 1.3.11 (WikiGroup user independency, RateIt, Crao, LDAP-old, editpage toolbar, SOAP, config helpers - installer) > On the subject of releases (mainly the stable series), has anyone been > working on a translator from the 1.3 series index.php config to the new > INIConfig system? Manually rewriting bits and pieces of the config file is > probably fairly easy for most situations, but I'd like a (semi) automated > solution for the Debian packaging, if possible. I think Joby has something in the works. At least the values at the demo site seemed to be autogenerated. > I'm happy to take this discussion to the list if it's better that way. We already are on the list, aren't we? -- Reini Urban http://phpwiki.sf.net/ |
