[pmwiki-announce] PmWiki 2.2.28 released

Petko Yotov 5ko at 5ko.fr
Sat Jul 23 20:36:48 CDT 2011


Hello. PmWiki version 2.2.28 was published today, and is available at :

    http://www.pmwiki.org/pub/pmwiki/pmwiki-2.2.28.tgz
    http://www.pmwiki.org/pub/pmwiki/pmwiki-2.2.28.zip
     svn://www.pmwiki.org/pmwiki/tags/latest

This version fixes 2 potential XSS vulnerabilities that could allow an 
attacker, via a specifically crafted link, to display arbitrary HTML and/or 
JavaScript to the user who follows this link.

A bug with the "Path:" intermap links was fixed: it was possible to insert 
external links which bypass the Url Approval mechanism or contain JavaScript. 
This exploit required edit permissions on the wiki.

The documentation was updated to its latest state on pmwiki.org.

Upgrade from previous PmWiki versions should be easy.

Thanks,
Petko
--
Change log     :  http://www.pmwiki.org/wiki/PmWiki/ChangeLog
Release notes  :  http://www.pmwiki.org/wiki/PmWiki/ReleaseNotes
If you upgrade :  http://www.pmwiki.org/wiki/PmWiki/Upgrades



More information about the pmwiki-announce mailing list