Menu
▾
▴
Re: [Phpwiki-talk] How stable/secure is "current"?
|
From: Reini U. <ru...@x-...> - 2004-12-18 18:09:18
|
Jim Popovitch schrieb: > I see on the sf.net download site that PhpWiki 1.3 (current) hasn't been > updated since May, while PhpWiki 1.2 (stable) was updated a few days > ago. I am in the process of rolling out a new production wiki and I was > wondering if v1.3 is stable/secure enough or if more focus is still > given to v1.2. Any input is appreciated. Thanks. Focus is on v1.3 as already noted in the v1.2 release notes. I even doubt that 1.2 is secure enough, however it is rather stable. Until recently you were forced to use register_globals=on which is a security nightmare. And the workaround allowing register_globals=off was not tested well enough against any security issues. Stock 1.3.10 has some known problems and bugs under special configurations. httpauth doesn't work, flatfile is broken, using ACL with a '.' page might lead to server crashes, certain admin group queries also, ... See the PhpWikiDemo:ReleaseNotes for details. http://phpwiki.sourceforge.net/demo/en/ReleaseNotes Current CVS has less problems, but there are other new issues I'm working on: pagedata cache: might display wrong author/owner under special circumstances, pagedata_cache on PageGroupTest/subpage. blogging, HttpAuth and VisualWiki is under construction. But just since about two days, for about the next 3 days. An older CVS checkout will be stable. action=edit under Apache2 might have problems under certain configurations. php5 is broken. -- Reini Urban http://phpwiki.org/ |
