Release Notes:

This release is identical to 5.4.5, but with the addition of all patches
included in 5.5.0.

These patches, related to the database backends, include code to
protect against SQL exploits (where user-entered data isn't escaped
before placing it in a query).  All queries are built with a modified
version of sprintf that escapes dangerous characters from strings.

5.5.0 has been out for over 3 months with some people using it in
production environments without any reports of problems. Even so,
this will be a devel release until others can do more production testing.


Tom Collins
- Consolidate table creation code in vmysql.c and vpgsql.c.
- Increase SQL_BUF_SIZE from 600 to 2048 for Oracle, Postgres
  and Sybase.
- Add qnprintf() to vpopmail.c for escaping strings in SQL queries.
- Use qnprintf() when building queries in vmysql.c, vpgsql.c,
  voracle.pc, and vsybase.c.
- Multiple fixes to vpgsql.c related to freeing PGresults and
  attempting to access NULL PGresults when reporting errors.

Reply via email to