[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Phpgroupware-users] phpGroupWare 0.9.16.007 Security Fix Release
From: |
Chris Weiss |
Subject: |
Re: [Phpgroupware-users] phpGroupWare 0.9.16.007 Security Fix Release |
Date: |
Wed, 24 Aug 2005 12:13:58 -0500 |
I assume it's a minor code edit to re-enable xmlrpc if one feels
he/she can mitigate the security issue in another way, right?
On 8/24/05, Dave Hall <address@hidden> wrote:
> Hi all,
>
> This new release fixes several security issues within phpGroupWare. The
> fixes include:
>
> * Global anti-XSS changes, related to savannah bug #13863
> * FUDForum Information Disclosure - CAN-2005-2600
> * Disabled XMLRPC until more resources are available -
> CAN-2005-2498
>
> Disabling of XMLRPC is regrettable but unavoidable. phpGroupWare's
> XMLRPC code is a bastardized version of phpxmlrpc. Our XMLRPC code is
> currently unmaintained and we did not have the resources available to
> merge and test the changes require. Instead of delaying the release any
> more we chose to disable functionality. If you wish to contribute to
> fixing our XMLRPC support please contact me directly.
>
> As always grab it from our download section -
> http://download.phpgroupware.org/now
>
> Cheers
>
> Dave
> --
> Dave Hall (aka skwashd)
> API Coordinator
> phpGroupWare
> -------------------------------------------------------------------------
> Do you think if Bill Gates got laid in high school, do you think there'd
> be a Microsoft? Of course not.
> Underwear Goes Inside The Pants by Lazy Boy
>
>
>
> _______________________________________________
> Phpgroupware-users mailing list
> address@hidden
> http://lists.gnu.org/mailman/listinfo/phpgroupware-users
>
>