Hi ho folks!
I have just released JSPWiki 2.4.104, which contains important
security fixes. Upgrading is recommended to everyone. Here is the
ChangeLog:
2007-09-13 Janne Jalkanen <[EMAIL PROTECTED]>
* 2.4.104
* Fixes several XSS vulnerabilities in Diff, PageInfo,
Edit, Comment, Login, NewGroup, UserProfile and EditGroup.
Thanks heaps to Jason Katzer for finding these!
* Fixed a local path disclosure vulnerability in attachments.
Thanks also to Jason Katzer!
JSPWiki 2.5.139-beta, also just released, contains the above fixes as
well, in addition for a couple of new ones. Folks, don't forget to
escape your output!
/Janne
_______________________________________________
This is the Jspwiki-users mailing list, in which we discuss the
stable release (even-numbered, 2.4.x, 2.6.x), and user-issues.
For development discussion, please join jspwiki-dev.
http://ecyrd.com/cgi-bin/mailman/listinfo/jspwiki-users
http://www.jspwiki.org/JSPWikiMailingList
