[Webcollab-announce] WebCollab 2.50 (Billy Goat) released!
From: Andrew S. <and...@pa...> - 2009-04-17 20:42:09
Hi all,

I am pleased to announce the release of WebCollab 2.50 (Billy Goat). This release has minor feature improvements and bug fixes.

Secunia Research have issued Advisory SA34568 on behalf of Russ McRee for a CSRF vulnerability and a single XSS issue discovered in WebCollab 2.40. Both these issues are patched in this release of WebCollab. This is the first publicly notified issue with WebCollab in more than six years of releases.

The CSRF issue would need to be exploited by tricking an administrator into opening a malformed link whilst they were logged on to WebCollab. Nevertheless, upgrading is recommended for all sites.

All of the code has subsequently been given a security review and several improvements made. This has included security tokens on most forms, and changing GET requests with actions to POST requests. This means that [delete] actions have now been generally shifted to the [edit] pages and are now buttons instead of hyperlinks.

The setup pages have been heavily modified and improved. The code is now XHTML strict compliant (previously had validation errors).

The character set handling has been improved for the standard WebCollab.

Setup has also now been configured to accept language files. Contributions of translations are welcomed!

Long posts in the forums are now truncated until a 'drop down button' is selected.

----

The UTF-8 version of WebCollab is recommended for all users, provided the optional mb_strings library is installed in PHP. For users with languages other than English, the UTF-8 version is strongly recommended because it has far superior internationalisation.

Andrew

--
Andrew Simpson <and...@pa...>
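
The hardening pattern the announcement describes (a delete action served as a POST button carrying a security token, instead of a GET hyperlink) is sketched below as an added example. It is not WebCollab source code: every function name, form field name and the `tasks.php` target are hypothetical, and it assumes PHP 7 or later for `random_bytes()`.

```php
<?php
declare(strict_types=1);
// Added illustration, not WebCollab code. All names here are hypothetical.

// Issue one random token per session, to be embedded in every state-changing form.
function issue_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Render the delete control as a POST button on the edit page, carrying the token.
function render_delete_form(array &$session, int $taskId): string
{
    $token = htmlspecialchars(issue_token($session), ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="tasks.php">'
         . '<input type="hidden" name="action" value="delete" />'
         . '<input type="hidden" name="taskid" value="' . $taskId . '" />'
         . '<input type="hidden" name="token" value="' . $token . '" />'
         . '<input type="submit" value="Delete" />'
         . '</form>';
}

// Accept a state-changing request only if it is a POST with a matching token.
function is_authorised_action(string $method, array $post, array $session): bool
{
    if ($method !== 'POST') {
        return false; // a followed link arrives as GET and never reaches the action
    }
    $sent  = $post['token'] ?? '';
    $known = $session['csrf_token'] ?? '';
    // hash_equals() compares in constant time; reject when no token was ever issued.
    return is_string($sent) && is_string($known) && $known !== ''
        && hash_equals($known, $sent);
}

// Constructed sample requests (not real traffic).
$session = [];
$form    = render_delete_form($session, 42);
$good    = ['action' => 'delete', 'taskid' => '42', 'token' => $session['csrf_token']];
$forged  = ['action' => 'delete', 'taskid' => '42']; // cross-site request lacks the token

var_dump(is_authorised_action('GET', $good, $session));    // link-style request
var_dump(is_authorised_action('POST', $forged, $session)); // POST without token
var_dump(is_authorised_action('POST', $good, $session));   // form rendered above
```

Only the last request is accepted; in a real application `$session` and `$post` would be `$_SESSION` and `$_POST`.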