[dokuwiki] Re: Hotfix Release "2011-05-25a Rincewind"

  • From: lainme <lainme993@xxxxxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Wed, 15 Jun 2011 14:15:33 +0800

According to the github commit history, I think the file list for Anteater
should be

        inc/parser/xhtml.php->
https://raw.github.com/splitbrain/dokuwiki/old-stable/inc/parser/xhtml.php

instead of

        inc/mail.php
->https://raw.github.com/splitbrain/dokuwiki/old-stable/inc/mail.php

lainme

On Wed, Jun 15, 2011 at 4:07 AM, Andreas Gohr <andi@xxxxxxxxxxxxxx> wrote:

> We just released a Hotfix Release "2011-05-25a Rincewind". It contains
> the following changes:
>
> 1. Security fix for a Cross Site Scripting vulnerability. Malicious
> users could abuse DokuWiki's RSS embedding mechanism to create links
> containing arbitrary JavaScript. Note: this security problem is
> present in at least Anteater and Rincewind but probably in older
> releases as well.
> 2. Bugfix for encoding Non-ASCII mail subjects
> 3. Bugfix for the indexer. On certain PHP versions (5.2.0-8+etch11 is
> known) the fulltext search failed to work correctly with upper- or
> mixed case words
>
> To update your DokuWiki installation you can simply download the new
> tarball from http://www.splitbrain.org/go/dokuwiki and follow the
> usual update procedure described at
> http://www.dokuwiki.org/install:upgrade.
>
> Alternatively you can replace the following files with their counter
> parts at github:
>
>  inc/parser/xhtml.php ->
> https://raw.github.com/splitbrain/dokuwiki/stable/inc/parser/xhtml.php
>  inc/mail.php ->
> https://raw.github.com/splitbrain/dokuwiki/stable/inc/mail.php
>  inc/indexer.php ->
> https://raw.github.com/splitbrain/dokuwiki/stable/inc/indexer.php
>  VERSION -> https://raw.github.com/splitbrain/dokuwiki/stable/VERSION
>  doku.php -> https://raw.github.com/splitbrain/dokuwiki/stable/doku.php
>
>
> If you are still running Anteater, we recommend updating to the above
> release. If this is not possible for some reason, you can fix the
> security problem by manually replacing the following files with their
> github counter part:
>
>  inc/mail.php ->
> https://raw.github.com/splitbrain/dokuwiki/old-stable/inc/mail.php
>  VERSION -> https://raw.github.com/splitbrain/dokuwiki/old-stable/VERSION
>
> Andi
>
>
> --
> splitbrain.org
> --
> DokuWiki mailing list - more info at
> http://www.dokuwiki.org/mailinglist
>

Other related posts: