BETA v3.3.5 beta 3
v3.3.5 beta 3 - shawn_a - 2014-12-03

http://get-simple.info/download

FIX: #974 files does not show permissions on windows
FIX: #973 image.php dir traversal SECURITY
FIX: #972 log.php xss SECURITY
FIX: #971 prevent backend in frames x-frame policy SECURITY
FIX: #970 better cookie security SECURITY
FIX: #969 backup-edit traversal SECURITY
FIX: #966 Security vulns SECURITY
FIX: #965 corrupt page fatal error
FIX: #948 Fatal Error => zip-Backup
FIX: #945 placeholder confusion
FIX: #944 XML External Entity (XXE) Vulnerability in admin/api.php SECURITY
FIX: #979 some debug info when uploading image
FIX: #996 Reverse Proxy : url detection

Mostly low risk security fixes for targeted and drive-by attacks and some reported fatal error handling.

Things that this release will break:

Loading back end pages in a frame is by default not allowed via x-frame header, can be disabled.
Cookies will probably break and you will need to log in, cookies now flagged with httponly.
Attempting to use image.php with ../ to process files outside of data/uploads no longer works.

RE: v3.3.5 beta 1 - marrco - 2014-12-28

I'm testing it right now. So far so good.

BTW I've used https://github.com/Voog/wysihtml on a different project and I like it. Do you think it could be a good page editor for gs?

RE: v3.3.5 beta 1 - Carlos - 2015-01-16

No issues found so far (b1 and b2).

RE: v3.3.5 beta 1 - Nokes - 2015-01-18

Can you add an option for title tag? I didn't like this '<'

RE: v3.3.5 beta 1 - Carlos - 2015-01-19

That's in your template. Edit it and change < to a slash (or what you wish).

RE: v3.3.5 beta 3 - shawn_a - 2015-01-19

b3 adds a minor fix to myself() by returning only basename().
I did a search across all my test plugins and didn't see any probable issues.
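For testers checking the three breaking changes listed in the first post, here is an added example (not posted in this thread and not GetSimple's own code) that audits a response head for a frame policy and HttpOnly cookies, and shows a lexical path check of the kind that makes ../ requests outside data/uploads fail. The sample responses, cookie name, header value and function names are constructed assumptions.

```python
import posixpath

# Constructed response heads (not captured from a real GetSimple install);
# the cookie name and the header value are placeholders.
HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "Set-Cookie: example_session=abc123; path=/; HttpOnly\r\n"
    "\r\n"
)
LEGACY = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: example_session=abc123; path=/\r\n"
    "\r\n"
)


def audit_response_head(head):
    """Return a list of findings for one raw HTTP response head."""
    frame_policy = None
    cookies = []
    for line in head.splitlines()[1:]:      # skip the status line
        if not line.strip():
            break                            # blank line ends the headers
        name, _, value = line.partition(":")
        name = name.strip().lower()
        if name == "x-frame-options":
            frame_policy = value.strip()
        elif name == "set-cookie":
            cookies.append(value.strip())
    findings = []
    if not frame_policy:
        findings.append("no X-Frame-Options header: page can be framed")
    for cookie in cookies:
        parts = [p.strip() for p in cookie.split(";")]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if "httponly" not in attrs:
            cookie_name = parts[0].split("=", 1)[0]
            findings.append(f"cookie {cookie_name} lacks HttpOnly")
    return findings


def stays_in_uploads(requested, base="data/uploads"):
    """Lexical check: does the decoded request path stay under base?"""
    requested = requested.replace("\\", "/")   # treat Windows separators alike
    resolved = posixpath.normpath(posixpath.join(base, requested))
    # Symlinks are not resolved here; a server-side check should also
    # compare real paths on disk.
    return resolved == base or resolved.startswith(base + "/")
```

Feed audit_response_head the headers saved from your own test install before and after upgrading; an empty list means both header checks passed.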