GetSimple Support Forum
BETA v3.3.5 beta 3

v3.3.5 beta 3 - shawn_a - 2014-12-03

http://get-simple.info/download

FIX: #974 files does not show permissions on windows
FIX: #973 image.php dir traversal SECURITY
FIX: #972 log.php xss SECURITY
FIX: #971 prevent backend in frames x-frame policy SECURITY
FIX: #970 better cookie security SECURITY
FIX: #969 backup-edit traversal SECURITY
FIX: #966 Security vulns SECURITY
FIX: #965 corrupt page fatal error
FIX: #948 Fatal Error => zip-Backup
FIX: #945 placeholder confusion
FIX: #944 XML External Entity (XXE) Vulnerability in admin/api.php SECURITY
FIX: #979 some debug info when uploading image
FIX: #996 Reverse Proxy : url detection

Mostly low-risk security fixes for targeted and drive-by attacks,
and some reported fatal error handling.

Things that this release will break

Loading back-end pages in a frame is by default not allowed via the x-frame header; this can be disabled.
Cookies will probably break and you will need to log in; cookies are now flagged with httponly.
Attempting to use image.php with ../ to process files outside of data/uploads no longer works.
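
An added example (not GetSimple's own code and not part of the post above) of the kind of containment check that makes a `../` request outside `data/uploads` fail. The function name `resolve_inside()` and the temporary directory layout are assumptions constructed for the demo.

```php
<?php
// Added example, not GetSimple's code. The sandbox layout below is constructed.

/**
 * Resolve $requested relative to $baseDir and return the canonical path only
 * if it is an existing file inside $baseDir; otherwise return null.
 */
function resolve_inside(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    // Reject NUL bytes before any filesystem call sees the string.
    if ($base === false || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses ../ and follows symlinks; false if the target is missing.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Compare with a trailing separator so "uploads_old" cannot pass as "uploads".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

// Constructed sandbox: data/uploads/pic.jpg, data/uploads_old/pic.jpg, data/secret.xml
$root = sys_get_temp_dir() . '/gs_demo_' . bin2hex(random_bytes(4));
mkdir("$root/data/uploads", 0700, true);
mkdir("$root/data/uploads_old", 0700, true);
file_put_contents("$root/data/uploads/pic.jpg", 'img');
file_put_contents("$root/data/uploads_old/pic.jpg", 'img');
file_put_contents("$root/data/secret.xml", 'x');

$cases = [
    'pic.jpg'                => true,   // inside uploads
    './pic.jpg'              => true,   // same file, redundant segment
    '../secret.xml'          => false,  // climbs out of uploads
    '../uploads_old/pic.jpg' => false,  // sibling directory sharing the name prefix
    'missing.jpg'            => false,  // nonexistent target
];
foreach ($cases as $path => $expected) {
    $ok = resolve_inside("$root/data/uploads", $path) !== null;
    printf("%-26s %s%s\n", $path, $ok ? 'allowed' : 'rejected',
        $ok === $expected ? '' : '  <-- unexpected');
}
```

Comparing canonical paths rather than searching the request string for `../` also covers symlinks and redundant path segments, since `realpath()` resolves both before the prefix check runs.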


RE: v3.3.5 beta 1 - marrco - 2014-12-28

I'm testing it right now. So far so good.

BTW I've used https://github.com/Voog/wysihtml on a different project and I like it. Do you think it could be a good page editor for GS?


RE: v3.3.5 beta 1 - Carlos - 2015-01-16

No issues found so far (b1 and b2)


RE: v3.3.5 beta 1 - Nokes - 2015-01-18

Can you add an option for the title tag? I didn't like this '<'


RE: v3.3.5 beta 1 - Carlos - 2015-01-19

That's in your template. Edit it and change &lt; to a slash (or whatever you wish).


RE: v3.3.5 beta 3 - shawn_a - 2015-01-19

b3 adds a minor fix to myself() by returning only basename()
I did a search across all my test plugins and didn't see any probable issues