I didn't get a chance to announce version 3.1.0b4 over the "holiday break." Basically the changes include fixes for memory leaks in htnotify and htsearch (that "20x performance decrease") and a BIG SECURITY HOLE in htnotify. Let me make this very clear: if you use htnotify, either upgrade to 3.1.0b4 or don't use htnotify. Period. The hole allows malicious users to execute commands running as the same user as that running htnotify. This occurs when htnotify runs in to a webpage with a malicious tag. It does not occur when using htdig, htmerge, htfuzzy, or htsearch. I do not know of any cases where this hole has been used. It is present in all of the 3.1.0bX versions up to 3.1.0b4. It may be present, though to a lesser degree, in previous versions. -Geoff Hutchison Williams Students Online http://wso.williams.edu/ ---------------------------------------------------------------------- To unsubscribe from the htdig mailing list, send a message to [EMAIL PROTECTED] containing the single word "unsubscribe" in the body of the message.
