Does Smarty security vulnerability affect 1.2.1?
The 2.6.19 version of Smarty fixes a search string handling vulnerability in Smarty. Does the vulnerability affect the Serendipity stable release 1.2.1 too? I notice there is modifier.regex_replace.php under serendipity/bundled-libs/Smarty/libs/plugins, and it dates earlier than 11-Feb-2008 (the date Smarty got fixed).
garvinhicking
- Core Developer
- Posts: 30022
- Joined: Tue Sep 16, 2003 9:45 pm
- Location: Cologne, Germany
Re: Does Smarty security vulnerability affect 1.2.1?
Hi!
Yes, but 1.3 will be released today as well. It only affects you if you give people FTP access to your templates; usually this is not such a big problem for s9y blogs; if someone has FTP access he could do other things already.
Regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/