Pull requests are open: https://github.com/owncloud/3rdparty/pull/77 https://github.com/owncloud/core/pull/7480
Take care, Tom Am Freitag, den 28.02.2014 um 16:38 schrieb Thomas Müller: > Thanks for the notification! > > The XXE issue is already patch in our codebase which will be released with > 6.0.2 and 5.0.15. > The fpassthru issue is only relevant for osx on server side - right? > > Take care, > > Tom > > > Am Freitag, den 28.02.2014 um 16:15 schrieb Thomas Tanghus: > > > > ---------- Forwarded Message ---------- > > > > Subject: SabreDAV 1.7.11 and 1.8.9 released, fixing two critical issues > > Date: Wednesday 26 February 2014, 14:37 > > From: Evert Pot <[email protected]> > > To: [email protected] > > > > Hi everyone, > > > > We just released SabreDAV 1.7.11 and 1.8.9. Both of these releases fix two > > critical issues. > > > > Upgrade by running: > > > > composer upgrade sabre/dav > > > > or grab the zips from: > > > > https://github.com/fruux/sabre-dav/releases > > This release fixes a security issue and an issue related to large files in > > SabreDAV. > > > > *XXE issue* > > > > Previous SabreDAV versions had a security issue, if running on the > > following PHP versions > > > > * PHP 5.3, older than 5.3.23 > > * PHP 5.4, older than 5.4.13 > > * PHP 5.5 is not affected by this. > > > > You are strongly recommended to upgrade, as the security issue could expose > > local files or easily trigger a DOS attack. > > > > More information here: > > <http://websec.io/2012/08/27/Preventing-XEE-in-PHP.html> > > > > *Large file support* > > > > It was also discovered that SabreDAV can often not serve files larger than > > 2GB, due to a bug in PHP's fpassthru method. > > > > If you ran into this issue, update sabredav. We are now no longer using > > fpasshtru. > > > > More information here: http://evertpot.com/fpassthru-broken/ > > > > > > -- > > You received this message because you are subscribed to the Google Groups > > "SabreDAV Discussion" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to [email protected]. > > To post to this group, send email to [email protected]. > > Visit this group at http://groups.google.com/group/sabredav-discuss. > > For more options, visit https://groups.google.com/groups/opt_out. > > ----------------------------------------- > > -- > > Med venlig hilsen / Best Regards > > > > Thomas Tanghus > > _______________________________________________ > > Devel mailing list > > [email protected] > > http://mailman.owncloud.org/mailman/listinfo/devel > > > _______________________________________________ > Devel mailing list > [email protected] > http://mailman.owncloud.org/mailman/listinfo/devel > _______________________________________________ Devel mailing list [email protected] http://mailman.owncloud.org/mailman/listinfo/devel
