[pmwiki-announce] PmWiki 2.1.18 released

Patrick R. Michaud pmichaud at pobox.com
Mon Aug 28 14:37:35 CDT 2006


I've just released pmwiki 2.1.18, available from 

    http://www.pmwiki.org/pub/pmwiki/pmwiki-2.1.18.tgz
    http://www.pmwiki.org/pub/pmwiki/pmwiki-2.1.18.zip
    http://www.sourceforge.net/projects/pmwiki
    svn://pmwiki.org/pmwiki/tags/latest

The primary purpose of this release is to close a potential
cross-site scripting vulnerability that could allow an attacker
to inject Javascript statements for execution on visitors' browsers.
No known actual exploits of this vulnerability have been reported,
but the vulnerability has been publicly reported on the
pmwiki-users mailing list.

For those who are running older versions of PmWiki, the vulnerability
can be avoided by either upgrading to this release, or by restricting
page editing privileges to trusted individuals.  If upgrading poses
a difficulty for any site, please contact pmichaud at pobox.com for
assistance and a patch for older versions of PmWiki can be made 
available.

In addition to the security-related fix just mentioned, this release
adds support for image-based form input controls via the 
(:input image:) tag.

Lastly, a problem with ?action=print failing to set the {$Action}
variable properly has been fixed.

Comments, questions welcome as always.

Pm



More information about the pmwiki-announce mailing list