I assume it's a minor code edit to re-enable xmlrpc if one feels he/she can mitigate the security issue in another way, right?
On 8/24/05, Dave Hall <[EMAIL PROTECTED]> wrote: > Hi all, > > This new release fixes several security issues within phpGroupWare. The > fixes include: > > * Global anti-XSS changes, related to savannah bug #13863 > * FUDForum Information Disclosure - CAN-2005-2600 > * Disabled XMLRPC until more resources are available - > CAN-2005-2498 > > Disabling of XMLRPC is regrettable but unavoidable. phpGroupWare's > XMLRPC code is a bastardized version of phpxmlrpc. Our XMLRPC code is > currently unmaintained and we did not have the resources available to > merge and test the changes require. Instead of delaying the release any > more we chose to disable functionality. If you wish to contribute to > fixing our XMLRPC support please contact me directly. > > As always grab it from our download section - > http://download.phpgroupware.org/now > > Cheers > > Dave > -- > Dave Hall (aka skwashd) > API Coordinator > phpGroupWare > ------------------------------------------------------------------------- > Do you think if Bill Gates got laid in high school, do you think there'd > be a Microsoft? Of course not. > Underwear Goes Inside The Pants by Lazy Boy > > > > _______________________________________________ > Phpgroupware-users mailing list > [email protected] > http://lists.gnu.org/mailman/listinfo/phpgroupware-users > > _______________________________________________ Phpgroupware-users mailing list [email protected] http://lists.gnu.org/mailman/listinfo/phpgroupware-users
