[pmwiki-users] PmWiki 2.1.18 released

Hsing-Foo Wang hsingfoo at gmail.com
Mon Aug 28 15:16:21 CDT 2006

Very much apreciate the swift response and openness!


On 8/28/06, Patrick R. Michaud <pmichaud at pobox.com> wrote:
> I've just released pmwiki 2.1.18, available from
>     http://www.pmwiki.org/pub/pmwiki/pmwiki-2.1.18.tgz
>     http://www.pmwiki.org/pub/pmwiki/pmwiki-2.1.18.zip
>     http://www.sourceforge.net/projects/pmwiki
>     svn://pmwiki.org/pmwiki/tags/latest
> The primary purpose of this release is to close a potential
> cross-site scripting vulnerability that could allow an attacker
> to inject Javascript statements for execution on visitors' browsers.
> No known actual exploits of this vulnerability have been reported,
> but the vulnerability has been publicly reported on the
> pmwiki-users mailing list.
> For those who are running older versions of PmWiki, the vulnerability
> can be avoided by either upgrading to this release, or by restricting
> page editing privileges to trusted individuals.  If upgrading poses
> a difficulty for any site, please contact pmichaud at pobox.com for
> assistance and a patch for older versions of PmWiki can be made
> available.
> In addition to the security-related fix just mentioned, this release
> adds support for image-based form input controls via the
> (:input image:) tag.
> Lastly, a problem with ?action=print failing to set the {$Action}
> variable properly has been fixed.
> Comments, questions welcome as always.
> Pm
> _______________________________________________
> pmwiki-users mailing list
> pmwiki-users at pmichaud.com
> http://www.pmichaud.com/mailman/listinfo/pmwiki-users

More information about the pmwiki-users mailing list