[dokuwiki] Hotfix Release "2011-05-25a Rincewind"

  • From: Andreas Gohr <andi@xxxxxxxxxxxxxx>
  • To: DokuWiki Mailinglist <dokuwiki@xxxxxxxxxxxxx>
  • Date: Tue, 14 Jun 2011 22:07:41 +0200

We just released a Hotfix Release "2011-05-25a Rincewind". It contains
the following changes:

1. Security fix for a Cross Site Scripting vulnerability. Malicious
users could abuse DokuWiki's RSS embedding mechanism to create links
containing arbitrary JavaScript. Note: this security problem is
present in at least Anteater and Rincewind but probably in older
releases as well.
2. Bugfix for encoding non-ASCII mail subjects
3. Bugfix for the indexer. On certain PHP versions (5.2.0-8+etch11 is
known) the fulltext search failed to work correctly with upper- or
mixed case words

To update your DokuWiki installation you can simply download the new
tarball from http://www.splitbrain.org/go/dokuwiki and follow the
usual update procedure described at
http://www.dokuwiki.org/install:upgrade.

Alternatively you can replace the following files with their
counterparts at GitHub:

  inc/parser/xhtml.php -> https://raw.github.com/splitbrain/dokuwiki/stable/inc/parser/xhtml.php
  inc/mail.php -> https://raw.github.com/splitbrain/dokuwiki/stable/inc/mail.php
  inc/indexer.php -> https://raw.github.com/splitbrain/dokuwiki/stable/inc/indexer.php
  VERSION -> https://raw.github.com/splitbrain/dokuwiki/stable/VERSION
  doku.php -> https://raw.github.com/splitbrain/dokuwiki/stable/doku.php


If you are still running Anteater, we recommend updating to the above
release. If this is not possible for some reason, you can fix the
security problem by manually replacing the following files with their
GitHub counterparts:

  inc/mail.php -> https://raw.github.com/splitbrain/dokuwiki/old-stable/inc/mail.php
  VERSION -> https://raw.github.com/splitbrain/dokuwiki/old-stable/VERSION

Andi


-- 
splitbrain.org
-- 
DokuWiki mailing list - more info at
http://www.dokuwiki.org/mailinglist
