Maintenance release CPG1.4.6 protects against Apache's .rar vulnerability

birddog:
Thank you GauGau for the update.

jon_miner:

--- Quote from: GauGau on May 24, 2006, 12:44:13 am ---yes: the fix is to upgrade. If you don't want to/can't, then apply the suggested hotfix. Don't ask cpg1.3.x-related questions on a thread that deals with the announcement of another version.

--- End quote ---

1. Don't be an ass when someone asks a question.  This thread is not only about the 1.4.6 version, it's also about protecting against the .rar vulnerability.
2. The "hotfix" doesn't apply to 1.3.x, is there a "hotfix" for 1.3.x, or are we all just left out to dry?

jon

Paver:

--- Quote from: jon_miner on June 09, 2006, 10:23:19 pm ---1. Don't be an ass when someone asks a question.  This thread is not only about the 1.4.6 version, it's also about protecting against the .rar vulnerability.
2. The "hotfix" doesn't apply to 1.3.x, is there a "hotfix" for 1.3.x, or are we all just left out to dry?
--- End quote ---

Let's try some understanding.  I think it's clear from Joachim's post that he assumed the hotfix works for 1.3.x.  This is a mistaken assumption, but that's all it is: a mistake.

So let's move on and address your report that the hotfix is not applicable to 1.3.x since there is no function replace_forbidden().  I am looking into writing a hotfix now.  It will be slightly more complicated than the 1.4.x fix.  We need to move this discussion to the cpg1.3 board.  I don't think there's a thread over there now.  I'll post once I have written the hotfix with a link here.

edit: Instead of "now", let's say "today or tomorrow".  There are about a dozen or so forbidden-character replacements in 5 scripts for 1.3.5.  Now I see why a separate function is useful.  I'm thinking adding the function and then replacing those 5 references to function calls is probably the best way to go (and easiest to write up as a hotfix).

Joachim Müller:

--- Quote from: jon_miner on June 09, 2006, 10:23:19 pm ---The "hotfix" doesn't apply to 1.3.x, is there a "hotfix" for 1.3.x, or are we all just left out to dry?

--- End quote ---
As Paver suggested: there apparently is no hotfix for cpg1.3.x available yet. I'm glad he volunteered to come up with one.
Please keep in mind though that support for cpg1.3.x is running out pretty soon. All who run cpg1.3.x should seriously consider upgrading now.
I find it rude though to reply with cpg1.3.x issues on a thread that is clearly labelled cpg1.4.x-only, with a clear statement in the initial announcement not to post unrelated things, as you're making this thread useless for the users it was intended for (the vast majority of coppermine users is already running cpg1.4.x).

Paver:
The HOTFIX for Coppermine 1.3.x is available here:
http://forum.coppermine-gallery.net/index.php?topic=32537.0

If you have any questions at all, support or otherwise, reply to that post, *not* here.
