Hi, I'm sending this message out essentially twice. The contents are included in the 3.1.5 release notes, but I wanted to make sure everyone got the message. There is a security hole in all versions of htsearch prior to version 3.1.5 (just released). This hole can allow remote users to read any file on your system that the UID running your webserver can read. It is *strongly* recommended that you upgrade to 3.1.5 ASAP. Anyone upgrading from a 3.1.x stable release will find the process fairly painless and to fix the hole, they can simply drop in the new CGI. The databases themselves are not affected. Anyone using version 3.2.0b1 is suggested to upgrade to the latest development snapshot. The next beta version, 3.2.0b2, will be released shortly to address this issue and other bugs. More detailed information will be posted to the BugTraq mailing list in a few days. -Geoff Hutchison Williams Students Online http://wso.williams.edu/ ------------------------------------ To unsubscribe from the htdig3-dev mailing list, send a message to [EMAIL PROTECTED] You will receive a message to confirm this.
