Follow-up Comment #1, bug #35388 (project mhonarc): Posting this as a security bug in savannah didn't have the effect I intended -- it is marked as private in savannah, but unfortunately it showed up in the mhonarc-dev archives in mhonarc.org as a public post. So I went ahead and patched it as suggested on our site; it has been working well for us. We would appreciate that this patch (or something equivalent) is integrated onto the next version of Mhonarc.
All sites using PHP for archives are affected by this PHP injection bug; it's quite possible that sites using other languages are similarly affected too. _______________________________________________________ Reply to this item at: <http://savannah.nongnu.org/bugs/?35388> _______________________________________________ Message sent via/by Savannah http://savannah.nongnu.org/ --------------------------------------------------------------------- To sign-off this list, send email to majord...@mhonarc.org with the message text UNSUBSCRIBE MHONARC-DEV