Hello all,
I am pleased to announce the release of WebCollab 3.31 (Baldy).
This is a bug and security fix version with two changes.
Internet Security Auditors have found a HTTP Response Splitting Vulnerability in the 'help' files
(CVE-2013-2652). This vulnerability would appear to have been present since the first released
version of WebCollab, and is not considered to be high impact. Nevertheless, all users are
recommended to upgrade.
As an alternative to upgrading, add the file '[webcollab]/help/help_language.php' from this release
to any earlier release, overwriting the existing file of the same name.
A bug in setting passwords with PHP 5.5+ has been fixed. An internal function shared a common name
with a new reserved function in PHP 5.5.
I am aware that WebCollab is often vetted and inspected by various organisations looking for
security issues. However, in over 10 years of WebCollab releases this is only the second time that
a security vulnerability has been reported.
Enjoy!
Andrew
|
