[pmwiki-users] PmWiki 2.1.18 released

Hsing-Foo Wang hsingfoo at gmail.com
Mon Aug 28 15:16:21 CDT 2006


Very much appreciate the swift response and openness!

-HF


On 8/28/06, Patrick R. Michaud <pmichaud at pobox.com> wrote:
> I've just released pmwiki 2.1.18, available from
>
>     http://www.pmwiki.org/pub/pmwiki/pmwiki-2.1.18.tgz
>     http://www.pmwiki.org/pub/pmwiki/pmwiki-2.1.18.zip
>     http://www.sourceforge.net/projects/pmwiki
>     svn://pmwiki.org/pmwiki/tags/latest
>
> The primary purpose of this release is to close a potential
> cross-site scripting vulnerability that could allow an attacker
> to inject JavaScript statements for execution on visitors' browsers.
> No known actual exploits of this vulnerability have been reported,
> but the vulnerability has been publicly reported on the
> pmwiki-users mailing list.
>
> For those who are running older versions of PmWiki, the vulnerability
> can be avoided by either upgrading to this release, or by restricting
> page editing privileges to trusted individuals.  If upgrading poses
> a difficulty for any site, please contact pmichaud at pobox.com for
> assistance and a patch for older versions of PmWiki can be made
> available.
>
> In addition to the security-related fix just mentioned, this release
> adds support for image-based form input controls via the
> (:input image:) tag.
>
> Lastly, a problem with ?action=print failing to set the {$Action}
> variable properly has been fixed.
>
> Comments, questions welcome as always.
>
> Pm
