New docs?, posted by PJ Meyer on Thu Dec 22 01:17:12 2005
|
Just looked at change log for 2.6
was wondering where the documentation for the new additions/changes is/are. |
Re: New docs?, posted by Stefan Ritt on Thu Dec 22 08:58:25 2005
|
PJ Meyer wrote: | Just looked at change log for 2.6
was wondering where the documentation for the new additions/changes is/are. |
I usually keep http://midas.psi.ch/elog/config.html up-to-date, but I agree that it's a bit hard to find the additions there; that's why there is the change log.
The ELCode is described on a separate page, which can also be accessed by clicking on the ELCode link below the text box of the logbook entry page. |
Buffer Overflow?, posted by Chris Warner on Wed Jan 18 17:20:45 2006
|
Users can access root level directories by using a modified URL. I saw on some security web sites that this was a problem in previous versions. Was it not fixed in 2.6?
To recreate enter http://yourhost.yourdomain.com/../../../../etc/passwd
view your password file in the browser.
If this was previously reported, is there a fix?
Chris Warner |
Re: Buffer Overflow?, posted by Stefan Ritt on Thu Jan 19 10:31:05 2006
|
Chris Warner wrote: | Users can access root level directories by using a modified URL. I saw on some security web sites that this was a problem in previous versions. Was it not fixed in 2.6?
To recreate enter http://yourhost.yourdomain.com/../../../../etc/passwd
view your password file in the browser.
If this was previously reported, is there a fix?
Chris Warner |
Thanks for telling me, I didn't know. I was able to reproduce your problem under certain conditions, and I just released version 2.6.1 to fix it. However it has nothing to do with an old buffer overflow (see elog:941).
I would strongly advise everybody to upgrade as soon as possible. |
Re: Buffer Overflow?, posted by Chris Warner on Fri Jan 20 02:53:40 2006
|
Stefan Ritt wrote: |
Chris Warner wrote: | Users can access root level directories by using a modified URL. I saw on some security web sites that this was a problem in previous versions. Was it not fixed in 2.6?
To recreate enter http://yourhost.yourdomain.com/../../../../etc/passwd
view your password file in the browser.
If this was previously reported, is there a fix?
Chris Warner |
Thanks for telling me, I didn't know. I was able to reproduce your problem under certain conditions, and I just released version 2.6.1 to fix it. However it has nothing to do with an old buffer overflow (see elog:941).
I would strongly advise everybody to upgrade as soon as possible. |
Thanks for the quick response! |
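The `../` request reported in the "Buffer Overflow?" thread above is a path traversal. The following is an added example, not ELOG's code and not the 2.6.1 fix: a C sketch of a server-side check that percent-decodes the request path first and then refuses any `..` segment before joining it to the served directory. The names `url_decode` and `resolve_under_root` and the root `/srv/elog` are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Decode %XX escapes from src into dst. Returns 0 on success, -1 on a
   malformed escape, an encoded NUL byte, or a result that does not fit. */
static int url_decode(const char *src, char *dst, size_t dst_len)
{
    size_t n = 0;
    while (*src) {
        int c = (unsigned char)*src++;
        if (c == '%') {
            unsigned v = 0;
            if (!isxdigit((unsigned char)src[0]) ||
                !isxdigit((unsigned char)src[1]))
                return -1;
            sscanf(src, "%2x", &v);
            if (v == 0) return -1;          /* %00 would truncate the path */
            c = (int)v;
            src += 2;
        }
        if (n + 1 >= dst_len) return -1;
        dst[n++] = (char)c;
    }
    dst[n] = '\0';
    return 0;
}

/* Join url_path onto root. Returns 0 and fills out on success, -1 if the
   request is malformed, too long, or contains a ".." segment. */
int resolve_under_root(const char *root, const char *url_path,
                       char *out, size_t out_len)
{
    char decoded[1024];
    size_t n;
    if (url_decode(url_path, decoded, sizeof decoded) != 0) return -1;
    n = (size_t)snprintf(out, out_len, "%s", root);
    if (n >= out_len) return -1;
    /* Split on both separators so "..\" is treated like "../". */
    for (char *seg = strtok(decoded, "/\\"); seg; seg = strtok(NULL, "/\\")) {
        if (strcmp(seg, ".") == 0) continue;
        if (strcmp(seg, "..") == 0) return -1;   /* refuse, never "clean up" */
        int w = snprintf(out + n, out_len - n, "/%s", seg);
        if (w < 0 || (size_t)w >= out_len - n) return -1;
        n += (size_t)w;
    }
    return 0;
}

int main(void)
{
    char out[256];
    const char *req = "/../../../../etc/passwd";  /* path from the report */
    int rc = resolve_under_root("/srv/elog", req, out, sizeof out);
    printf("%s -> %s\n", req, rc == 0 ? out : "rejected");
    return 0;
}
```

The check is purely lexical, so it does not account for symbolic links inside the served directory; where those can exist, also compare the result of `realpath()` on the final path against the root before opening the file.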
Numerous questions that I am hoping to get a response on, posted by Steve Jones on Mon Apr 3 16:31:37 2006
|
Stefan, I have several issues/questions that I am still hoping to get an answer on. Any chance? If you would rather you can send email to me directly.
Thanks
Steve |
Re: Numerous questions that I am hoping to get a response on, posted by Stefan Ritt on Mon Apr 3 16:32:52 2006
|
Steve Jones wrote: | Stefan, I have several issues/questions that I am still hoping to get an answer on. Any chance? If you would rather you can send email to me directly. |
I'm pretty busy these days, since we have a deadline on April 18th. I started already working weekends, so not much time is left for ELOG. But I hope it will get better by the end of this month. |
Re: Numerous questions that I am hoping to get a response on, posted by Steve Jones on Mon Apr 3 16:39:33 2006
|
Steve Jones wrote: |
Stefan Ritt wrote: |
Steve Jones wrote: | Stefan, I have several issues/questions that I am still hoping to get an answer on. Any chance? If you would rather you can send email to me directly. |
I'm pretty busy these days, since we have a deadline on April 18th. I started already working weekends, so not much time is left for ELOG. But I hope it will get better by the end of this month. |
I fully understand and appreciate your response! |
|