On Thu, Mar 4, 2010 at 4:33 PM, Dano <[email protected]> wrote:
> Just saw that Lift 2.0-M3 was released. I looked to see if the
> vulnerability was still present in demo.liftweb.net

And the astute and not-so-astute observer will note at the bottom of each page on demo.liftweb.net:

Lift version 1.1-SNAPSHOT built on Tue Nov 24 13:58:20 PST 2009.

If you have a reproducible case (running against Lift 2.0-M3 or 2.0-SNAPSHOT) of the security vulnerability, you are welcome to submit it as a ticket.

> and I am still
> able to generate exceptions in the browser when I paste binary
> characters in the textfields for the Wizard, Wizard Challenge, and Arc
> Challenge examples in the Misc section.
>
> Don't know if this remaining problem is supposed to be handled by the
> application or framework, but thought I would make a post to alert the
> group.
>
> Dan
>
> On Feb 24, 11:49 am, Dano <[email protected]> wrote:
> > The recent Scala Days conference activity may have caused the updates
> > to this thread to escape notice. Just wondering if there is concern
> > about the remaining binary character problems I noted in my prior
> > post.
> >
> > Thanks in advance.
> >
> > Dan
> >
> > On Feb 22, 1:34 pm, Dano <[email protected]> wrote:
> > > More information on this in case anyone is interested. If you go to
> > > the lift demo website, it appears the issue with characters is mostly
> > > addressed except for the "Misc code" section. Specifically, the
> > > "Wizard", "Wizard Challenge" and "Arc Challenge #1" examples will
> > > generate XML parsing errors.
> > >
> > > For these problems, I am not sure if the issue is the example or the
> > > framework. If the issue is with the example, it would be good to know
> > > what Lift apps need to do to avoid getting bitten by binary characters
> > > entered into form fields.
> > >
> > > Thanks in advance.
> > >
> > > Dan
> > >
> > > On Feb 17, 11:06 am, Dano <[email protected]> wrote:
> > > > Hello,
> > > >
> > > > I was wondering if the fix for the control characters issue was
> > > > included in 2.0-M2. I just did a test with our Lift application built
> > > > with 2.0-M2 and I am still seeing problems (i.e. javascript exceptions
> > > > - NS_ERROR_INVALID_POINTER).
> > > >
> > > > Thanks in advance.
> > > >
> > > > Dan
> > > >
> > > > On Feb 3, 9:08 am, David Pollak <[email protected]> wrote:
> > > > > Thanks for pointing that out. There are other problems as well... I'll fix
> > > > > them (in both the Scala and Lift diffs)
> > > > >
> > > > > On Wed, Feb 3, 2010 at 7:39 AM, Feng Zhang <[email protected]> wrote:
> > > > > > I found that in the fix, \n is changed to \t, while \t to \n. Is this
> > > > > > desired behavior?
> > > > > >
> > > > > > Thank you,
> > > > > >
> > > > > > Feng
> > > > > >
> > > > > > On Wed, Feb 3, 2010 at 9:20 AM, Indrajit Raychaudhuri <[email protected]> wrote:
> > > > > >
> > > > > >> 1. Fix in head/master (2.0-SNAPSHOT) and prepone 2.0-M2.
> > > > > >>
> > > > > >> 2. Backport in 1.0.x branch and spin 1.0.4. We haven't marked 1.0.x
> > > > > >> 'unsupported' yet. Forcing apps to move to 2.0-M2 just for this
> > > > > >> vulnerability fix isn't fun.
> > > > > >>
> > > > > >> Cheers, Indrajit
> > > > > >>
> > > > > >> On 03/02/10 3:34 PM, Timothy Perrett wrote:
> > > > > >>
> > > > > >>> +1
> > > > > >>>
> > > > > >>> Fix it in head, no need to back-port; M2 is only around the corner.
> > > > > >>>
> > > > > >>> Cheers, Tim
> > > > > >>>
> > > > > >>> On 3 Feb 2010, at 09:49, Jeppe Nejsum Madsen wrote:
> > > > > >>>
> > > > > >>> David Pollak<[email protected]> writes:
> > > > > >>>
> > > > > >>>>> I'd like to get a sense of how important the community views this
> > > > > >>>>> defect.
> > > > > >>>>> Is it a "backport the fix to every milestone and release yesterday" or
> > > > > >>>>> is it
> > > > > >>>>> a "fix it in 2.0-M2" or someplace in between.
> > > > > >>>>
> > > > > >>>> For me, it's fix it in 2.0-SNAPSHOT
> > > > > >>>>
> > > > > >>>> /Jeppe
> > > > >
> > > > > --
> > > > > Lift, the simply functional web framework http://liftweb.net
> > > > > Beginning Scala http://www.apress.com/book/view/1430219890
> > > > > Follow me: http://twitter.com/dpp
> > > > > Surf the harmonics

--
Lift, the simply functional web framework http://liftweb.net
Beginning Scala http://www.apress.com/book/view/1430219890
Follow me: http://twitter.com/dpp
Surf the harmonics

--
You received this message because you are subscribed to the Google Groups "Lift" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/liftweb?hl=en.
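
An added example, not part of the thread and not Lift's actual fix: one way an application can drop form-field input that cannot be represented in XML before it reaches a response, assuming the parsing errors reported above come from code points outside the XML 1.0 Char production. The names XmlSafe, isXmlChar and sanitize are hypothetical; tab and newline pass through unchanged, the behaviour Feng Zhang's question is about.

```scala
// Added illustration (hypothetical helper, not Lift code).
object XmlSafe {
  // XML 1.0 "Char" production:
  //   #x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF]
  def isXmlChar(cp: Int): Boolean =
    cp == 0x9 || cp == 0xA || cp == 0xD ||
      (cp >= 0x20 && cp <= 0xD7FF) ||
      (cp >= 0xE000 && cp <= 0xFFFD) ||
      (cp >= 0x10000 && cp <= 0x10FFFF)

  // Walk by code point, not by UTF-16 unit, so valid supplementary
  // characters survive and unpaired surrogates are dropped.
  def sanitize(in: String): String = {
    val out = new java.lang.StringBuilder(in.length)
    var i = 0
    while (i < in.length) {
      val cp = in.codePointAt(i)
      if (isXmlChar(cp)) out.appendCodePoint(cp)
      i += Character.charCount(cp)
    }
    out.toString
  }

  def main(args: Array[String]): Unit = {
    // Constructed sample: pasted "binary" input containing NUL, BEL and an
    // unpaired high surrogate, plus a legitimate tab and newline.
    val pasted = "name" + 0x00.toChar + "=" + 0x07.toChar +
      "Dan\tO\nk" + 0xD800.toChar + "!"
    val clean = sanitize(pasted)

    // Illegal code points are removed; \t and \n are kept as-is, not swapped.
    assert(clean == "name=Dan\tO\nk!")
    assert(clean.indexOf('\t') == pasted.indexOf('\t') - 2)

    // A valid supplementary character (U+1F600) is preserved intact.
    val emoji = new String(Character.toChars(0x1F600))
    assert(sanitize("ok" + emoji) == "ok" + emoji)

    println(clean.map(c => f"${c.toInt}%04x").mkString(" "))
  }
}
```

Silently stripping is one policy; an application that needs to know input was altered can compare sanitize(in) with in and reject the request instead.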
