Ok, I think i've found where the security changes in 1.3.2 were made.
In the release notes it states:
1.3.3 (2005-10-20)
- (2005/10/17) added security bugfix for missing SQL quote
And I believe the file that the changes were made in is System/DB.pm.
I would kindly ask that any developer that worked on this verify
where the changes were made to fix the security problems with 1.3.2.
We are going to upgrade our installation eventually, but we have made
a number of customizations that will take a while to migrate, so in
the meantime we need to patch our version of 1.3.2. Thanks for your
help.
Mark
On Apr 12, 2007, at 5:41 PM, Mark D. Wallace wrote:
We are running 1.3.2 and have made many mods to the code all the
way to the system files. The issues related to security in 1.3.2
are a top issue for us now. I would like to know if there is a set
of patches that can fix this problem for OTRS 1.3.2, or are there
other suggestions that would expedite getting our installation
secure as soon as possible.
Thanks,
Mark Wallace
_______________________________________________
OTRS mailing list: dev - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/dev
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/dev
_______________________________________________
OTRS mailing list: dev - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/dev
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/dev
