Hi Chris There is a security issue - defenitely. The complete details will be published in about 10 days.
Ray Von meinem Android-Gerät gesendet. -----Original Message----- From: Chris Jolly <[email protected]> To: "[email protected]" <[email protected]> Sent: Do., 31 Jul 2014 14:16 Subject: Re: [oxid-dev-general] OXID eShop Patch 5.1.7 / 5.0.13 + 4.8.7 / 4.7.13 published Hi Ray - I've looked at the changes and I don't understand what all the fuss is about and why this is ranked as a security update. All it does is add some more groups to the list of groups that are disabled in core settings -> system -> other for the "Prohibited User Groups for dynamic User Group assignment using "dgr" URL param". It also makes the user group OXID visible in the user group admin, so if you create a new group you can manually add it to this list. Have you any idea what this dgr stuff is all about ? Chris ________________________________ From: Haller Stahlwaren GmbH - Raimund Lang <[email protected]> To: "[email protected]" <[email protected]> Sent: Thursday, July 31, 2014 12:18 PM Subject: [oxid-dev-general] OXID eShop Patch 5.1.7 / 5.0.13 + 4.8.7 / 4.7.13 published On tuesday we published patch releases for both the legacy and the maintenance branch: OXID eShop Enterprise Edition 5.1.7 / 5.0.13 and Professional Edition 4.8.7 / 4.7.13 contain (amongst others) a bugfix which addresses one security issue. Partners and NDA contractors were already informed about the details earlier this month. The security bulletin for the issues will be made public ~ August, 12th. Therefore we strongly recommend to include this patch into your environments as soon as possible. _______________________________________________ dev-general mailing list [email protected]<mailto:[email protected]> http://dir.gmane.org/gmane.comp.php.oxid.general
_______________________________________________ dev-general mailing list [email protected] http://dir.gmane.org/gmane.comp.php.oxid.general
