Gregory (Grisha) Trubetskoy wrote:
If you see any problems with this text, let me know. ---------- Forwarded message ---------- Date: Sat, 12 Feb 2005 22:00:56 -0500 (EST) From: "Gregory (Grisha) Trubetskoy" <[EMAIL PROTECTED]> To: announce@httpd.apache.org, [EMAIL PROTECTED] Cc: python-dev@httpd.apache.org Subject: [ANNOUNCE] Mod_python 3.2.8 (security) The Apache Software Foundation and The Apache HTTP Server Project are pleased to announce the release of versions 3.2.8 of mod_python.
versions -> version
This release addresses a vulnerability in mod_python's FileSession object whereby a carefully crafted session cookie could potentially permit an attacker to execute code on the server. FileSession was introduced in mod_python 3.2.7 released on February 15 2006 and is not enabled by default, therefore only a very small number of installations, if any, are likely to be affected by this issue. There are no other changes or improvements from the previous version in this release. Mod_python is available for download from: http://httpd.apache.org/modules/python-download.cgi For more information about mod_python visit http://www.modpython.org/ Regards, Gregory Trubetskoy