[pmwiki-users] PmWiki 2.2.3 released

Petko Yotov 5ko at 5ko.fr
Wed Jul 15 18:53:24 CDT 2009


Hello. I have released pmwiki-2.2.3 stable today, available at :

    http://www.pmwiki.org/pub/pmwiki/pmwiki-2.2.3.tgz
    http://www.pmwiki.org/pub/pmwiki/pmwiki-2.2.3.zip
     svn://www.pmwiki.org/pmwiki/tags/latest

This release fixes six potential XSS vulnerabilities, reported by Michael 
Engelke. The vulnerabilities may affect wikis open for editing and may allow 
the injection of external JavaScripts in their pages. Public open wikis 
should upgrade.

A new variable $EnableUploadGroupAuth was added; if set to 1, it allows 
password-protected uploads to be checked against the Group password. This 
variable works with $EnableDirectDownload set to 0.

It is now possible to use @_site_edit, @_site_read, @_site_admin or 
@_site_upload global passwords in GroupAttributes pages.

A number of other bugs were fixed, and the documentation was updated. 

Thanks,
Petko



More information about the pmwiki-users mailing list