[pmwiki-announce] PmWiki 2.2.28 released
Petko Yotov
5ko at 5ko.fr
Sat Jul 23 20:36:48 CDT 2011
Hello. PmWiki version 2.2.28 was published today, and is available at :
http://www.pmwiki.org/pub/pmwiki/pmwiki-2.2.28.tgz
http://www.pmwiki.org/pub/pmwiki/pmwiki-2.2.28.zip
svn://www.pmwiki.org/pmwiki/tags/latest
This version fixes 2 potential XSS vulnerabilities that could allow an
attacker, via a specifically crafted link, to display arbitrary HTML and/or
JavaScript to the user who follows this link.
A bug with the "Path:" intermap links was fixed: it was possible to insert
external links which bypass the Url Approval mechanism or contain JavaScript.
This exploit required edit permissions on the wiki.
The documentation was updated to its latest state on pmwiki.org.
Upgrade from previous PmWiki versions should be easy.
Thanks,
Petko
--
Change log : http://www.pmwiki.org/wiki/PmWiki/ChangeLog
Release notes : http://www.pmwiki.org/wiki/PmWiki/ReleaseNotes
If you upgrade : http://www.pmwiki.org/wiki/PmWiki/Upgrades
More information about the pmwiki-announce
mailing list