Important -> 1.1.7 and 1.0.6 released

20 views
Skip to first unread message

tpet...@gmail.com

unread,
Dec 14, 2011, 10:18:55 AM12/14/11
to ColdFusion on Wheels
A security vulnerability has been identified in both the 1.1.x and
1.0.x versions of Wheels. In response, the Wheels team is releasing
patches for both the current and legacy versions. Version 1.1.7 is to
address current version and version 1.0.6 is to address legacy
versions.

At this time, we encourage all users of the framework to upgrade as
soon as possible. These new versions contain only the patches
necessary to close the security vulnerability. No new bug fixes or
enhancement features are contained.

The Wheels team would like to thank Pete Freitag of foundeo.com for
reporting and helping to patch the security vulnerability.

you can download from the link below:

http://cfwheels.org/download

Renand

unread,
Dec 14, 2011, 11:11:52 AM12/14/11
to cfwh...@googlegroups.com
Thanks, !!!

Yannick

unread,
Dec 14, 2011, 11:12:55 AM12/14/11
to cfwh...@googlegroups.com
Hi Tony,

Could it possible to have a listing of the files that have been edited because I've had to modify the source.

Thanks


--
You received this message because you are subscribed to the Google Groups "ColdFusion on Wheels" group.
To post to this group, send email to cfwh...@googlegroups.com.
To unsubscribe from this group, send email to cfwheels+u...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/cfwheels?hl=en.




--
Yannick Morin
Co-founder of bizonbytes.com

Scott

unread,
Dec 14, 2011, 11:41:50 AM12/14/11
to ColdFusion on Wheels
Use a diff tool, on windows I like winmerge

On Dec 14, 11:12 am, Yannick <bizonby...@gmail.com> wrote:
> Hi Tony,
>
> Could it possible to have a listing of the files that have been edited
> because I've had to modify the source.
>
> Thanks
>

> On Wed, Dec 14, 2011 at 11:18 AM, tpetru...@gmail.com
> <tpetru...@gmail.com>wrote:

Risto

unread,
Dec 14, 2011, 12:02:34 PM12/14/11
to ColdFusion on Wheels
What was the security vulnerability?

On Dec 14, 10:18 am, "tpetru...@gmail.com" <tpetru...@gmail.com>
wrote:

tpet...@gmail.com

unread,
Dec 14, 2011, 1:10:55 PM12/14/11
to ColdFusion on Wheels
sorry for the delay everyone. i'm in class this week so i'm a little
hard to reach at the moment.

the entire diff for the release:

https://github.com/cfwheels/cfwheels/compare/v1.1.6...v1.1.7

the actual commit for the security fix

https://github.com/cfwheels/cfwheels/commit/564548161f31a3641d0f7dcae09a9188986bf9b0

Tom King

unread,
Dec 15, 2011, 4:20:15 AM12/15/11
to cfwh...@googlegroups.com
Just seen this - which has prompted a request - can we get a cfwheels announcement list?

With projects like Drupal (which admittedly, have a *lot* of 3rd party involvement) there's a security announcement list, which emails if there's a major patch; might be useful as I"m sure a lot of wheels users could miss something on the group (if they like me, don't have the email notifications turned on). It could also be used to announce major version releases etc.

Just a thought!

Andy Bellenie

unread,
Dec 15, 2011, 4:22:35 AM12/15/11
to cfwh...@googlegroups.com
You can subscribe to the blog via email.




--
You received this message because you are subscribed to the Google Groups "ColdFusion on Wheels" group.
To view this discussion on the web visit https://groups.google.com/d/msg/cfwheels/-/-60aOL6tdrQJ.

Tom King

unread,
Dec 15, 2011, 4:30:34 AM12/15/11
to cfwh...@googlegroups.com
Aha - Good call! subscribed :)
Reply all
Reply to author
Forward
0 new messages