You are here: Foswiki>Support Web>KnownIssuesOfFoswiki01x00>SecurityAlerts (28 Aug 2011, KennethLavrsen) Edit this topic text (e) Attach an image or document to this topic; manage existing attachments (a) View sequential topic history View without formatting (v) Create new topic Printable version of this topic (p) More: delete or rename this topic; set parent topic; view and compare revisions (m)

Security Alerts for Foswiki

  • ALERT! Security Alert: SlideShowPlugin should be updated to version 2.1.4 or later to close a cross site scripting vulnerability. All Foswiki versions are affected but the plugin can be updated in minutes from configure or manually by downloading and replacing the plugin from SlideShowPlugin

  • ALERT! Security Alert: A normal user can alter topic preferences using the "Edit topic preference settings" feature and save them even though he has no privileges to edit the topic.
    • Description available in SecurityAlertCVE20104215. Only versions 1.1.0 and 1.1.1 are affected. It is fixed in Foswiki release 1.1.2 released 10 Nov 2010.

ALERT! NOTE: Please put any general security questions in the Support web, as support questions. New security holes found should follow the SecurityAlertProcess and any public discussion must be avoided. Ie. do not raise security reports as public bugs or support questions.

You can read the FAQ topic How to secure Foswiki against attacks
Edit | Attach | Print version | History: r9 < r8 < r7 < r6 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r9 - 28 Aug 2011 - 21:36:59 - KennethLavrsen
 
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. see CopyrightStatement. Creative Commons LicenseGet Foswiki at sourceforge.net. Fast, secure and Free Open Source software downloads