Hello. I have released pmwiki-2.2.3 stable today, available at :
http://www.pmwiki.org/pub/pmwiki/pmwiki-2.2.3.tgz
http://www.pmwiki.org/pub/pmwiki/pmwiki-2.2.3.zip
svn://www.pmwiki.org/pmwiki/tags/latest
This release fixes six potential XSS vulnerabilities, reported by Michael
Engelke. The vulnerabilities may affect wikis open for editing and may allow
the injection of external JavaScripts in their pages. Public open wikis
should upgrade.
A new variable $EnableUploadGroupAuth was added; if set to 1, it allows
password-protected uploads to be checked against the Group password. This
variable works with $EnableDirectDownload set to 0.
It is now possible to use @_site_edit, @_site_read, @_site_admin or
@_site_upload global passwords in GroupAttributes pages.
A number of other bugs were fixed, and the documentation was updated.
Thanks,
Petko
_______________________________________________
pmwiki-users mailing list
[email protected]
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
