Does Smarty security vulnerability affect 1.2.1?

Posted: Tue Mar 18, 2008 9:44 am
by Lynoure
The 2.6.19 version of Smarty fixes a search string handling vulnerability in Smarty. Does the vulnerability affect the Serendipity stable release 1.2.1 too? I notice there is a modifier.regex_replace.php under serendipity/bundled-libs/Smarty/libs/plugins, and it dates from earlier than 11-Feb-2008 (the date Smarty got fixed).

Re: Does Smarty security vulnerability affect 1.2.1?

Posted: Tue Mar 18, 2008 10:09 am
by garvinhicking
Hi!

Yes, but 1.3 will be released today as well. It only affects you if you give people FTP access to your templates; usually this is not such a big problem for s9y blogs; if someone has FTP access he could do other things already ;)

Regards,
Garvin

Posted: Tue Mar 18, 2008 11:43 am
by Lynoure
Ok, thanks.