Author Topic: Security Hint  (Read 4016 times)

Offline DarkViper

  • Forum administrator
  • *****
  • Posts: 2978
  • Gender: Female
Security Hint
« on: November 27, 2013, 01:23:04 PM »
Last days we got a message that one of a 3thParty package, used in WebsiteBaker, contains a minor security issue. It is not a High-Risk-Level but anyway.

The endangered package  you can find in wb/includes/idna_convert/.
There is a CSRF issue in the file examples.php. This file itself is never needed by WebsiteBaker and can/should be deleted from webspaces as soon as possible.

There is no fix/patch planned against.
To solve these problem, from next official release of WB the file is encapsulated in a ZIP archive, so there is no more possibility to call it from outside.
Der blaue Planet - er ist nicht unser Eigentum - wir haben ihn nur von unseren Nachkommen geliehen

"You have to take the men as they are… but you can not leave them like that !" :-P
Das tägliche Stoßgebet: Oh Herr, wirf ihnen Hirn vom Himmel !

 

postern-length