As many already know, a serious security issue was fixed in the 2.3 timeframe. It does not affect all installations, specifically installations with databases such as MySQL which disallow multiple queries to be executed at once. Still, for those who are affected, this is quite serious, and I believe in taking a proactive stance on security.
I would like to send a security advisory email to the users list which says the following:

1. Explain the problem clearly but without any sample exploit.
2. Provide a Groovy snippet to test if a database allows multiple queries.
3. Provide a link to the patch which was used to plug the hole in 2.3 so security-concerned users who are unable to upgrade may include it in custom builds. This patch is simplistic and likely to apply cleanly or with little work on all versions.

WDYT?

Caleb

