---------- Forwarded Message ----------
Subject: SabreDAV 1.7.11 and 1.8.9 released, fixing two critical issues
Date: Wednesday 26 February 2014, 14:37
From: Evert Pot <[email protected]>
To: [email protected]

Hi everyone,

We just released SabreDAV 1.7.11 and 1.8.9. Both of these releases fix two critical issues.

Upgrade by running:

    composer upgrade sabre/dav

or grab the zips from:

    https://github.com/fruux/sabre-dav/releases

This release fixes a security issue and an issue related to large files in SabreDAV.

*XXE issue*

Previous SabreDAV versions had a security issue, if running on the following PHP versions:

* PHP 5.3, older than 5.3.23
* PHP 5.4, older than 5.4.13
* PHP 5.5 is not affected by this.

You are strongly recommended to upgrade, as the security issue could expose local files or easily trigger a DoS attack.

More information here:
<http://websec.io/2012/08/27/Preventing-XEE-in-PHP.html>

*Large file support*

It was also discovered that SabreDAV can often not serve files larger than 2GB, due to a bug in PHP's fpassthru method. If you ran into this issue, update SabreDAV. We are now no longer using fpassthru.

More information here:
http://evertpot.com/fpassthru-broken/

-----------------------------------------

--
Med venlig hilsen / Best Regards

Thomas Tanghus
