Really? That is strange because when you go to http://classic.helma.at/hannes/xmlrpc/ which is the old site of the helma release it points you to the Apache site because Apache adopted the Helma code.
So why is the software I point to totally different? Is it not the software that Apache adopted (and modified later)? -Don -----Original Message----- From: Georg Sauer-Limbach [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 02, 2006 5:38 PM To: [email protected] Subject: Re: XML-RPC security question and Apache implementation [EMAIL PROTECTED] wrote: > So I was just wondering > if the Apache implementation patched this problem. > > http://xmlrpc-c.sourceforge.net/hacks/helma-xmlrpc-introspection.diff This software you are pointing to is totally different from Apache's XML-RPC implementation. The bugs and security wholes were in that other software, not in Apache XML-RPC. Georg
