On Friday 28 February 2014 16:58 Thomas Müller wrote:
> Pull requests are open:
> https://github.com/owncloud/3rdparty/pull/77
> https://github.com/owncloud/core/pull/7480
>
> Take care,

Awesome. Have visitors so didn't have time for more than forwarding the message :)

> Tom
>
> On Friday, 28.02.2014 at 16:38, Thomas Müller wrote:
> > Thanks for the notification!
> >
> > The XXE issue is already patched in our codebase which will be released with
> > 6.0.2 and 5.0.15. The fpassthru issue is only relevant for osx on server
> > side - right?
> >
> > Take care,
> >
> > Tom
> >
> > On Friday, 28.02.2014 at 16:15, Thomas Tanghus wrote:
> > > ---------- Forwarded Message ----------
> > >
> > > Subject: SabreDAV 1.7.11 and 1.8.9 released, fixing two critical issues
> > > Date: Wednesday 26 February 2014, 14:37
> > > From: Evert Pot <[email protected]>
> > > To: [email protected]
> > >
> > > Hi everyone,
> > >
> > > We just released SabreDAV 1.7.11 and 1.8.9. Both of these releases fix
> > > two critical issues.
> > >
> > > Upgrade by running:
> > >
> > >     composer upgrade sabre/dav
> > >
> > > or grab the zips from:
> > >
> > > https://github.com/fruux/sabre-dav/releases
> > >
> > > This release fixes a security issue and an issue related to large files
> > > in SabreDAV.
> > >
> > > *XXE issue*
> > >
> > > Previous SabreDAV versions had a security issue, if running on the
> > > following PHP versions
> > >
> > > * PHP 5.3, older than 5.3.23
> > > * PHP 5.4, older than 5.4.13
> > > * PHP 5.5 is not affected by this.
> > >
> > > You are strongly recommended to upgrade, as the security issue could
> > > expose local files or easily trigger a DOS attack.
> > >
> > > More information here:
> > > <http://websec.io/2012/08/27/Preventing-XEE-in-PHP.html>
> > >
> > > *Large file support*
> > >
> > > It was also discovered that SabreDAV can often not serve files larger
> > > than 2GB, due to a bug in PHP's fpassthru method.
> > >
> > > If you ran into this issue, update sabredav. We are now no longer using
> > > fpassthru.
> > >
> > > More information here: http://evertpot.com/fpassthru-broken/
> >
> > _______________________________________________
> > Devel mailing list
> > [email protected]
> > http://mailman.owncloud.org/mailman/listinfo/devel

--
Best Regards
Thomas Tanghus
