1.9.5.1 and 2.0.1 Released


Maria Ahues Bouza

May 25, 2012, 3:41:07 PM
to dot...@googlegroups.com
Hello,

dotCMS takes security very seriously. We learned about a vulnerability
that allows users with backend administrative access to create a
malicious template with arbitrary code, so we are releasing a security
patch to both the 1.9.5 and 2.0 series.

The patch prevents commands from executing within the
XSLT Viewtool and within Velocity.

2.0.1 also applied some fixes to the upgrade process when upgrading from 1.9.x.

You can download the releases from www.dotcms.com/downloads.

The files ending with _update.zip can be downloaded and passed into
the Autoupdater with the -file option if you don't want the
Autoupdater to download the file automatically or if there is a
download failure due to connectivity.

You can find more information about this vulnerability on the US-CERT site.
http://www.kb.cert.org/vuls/id/898083

Sincerely,
Maria

--
Community Manager

dotCMS
Main: 305.900.2001
Fax: 305.397.2579
www.dotcms.com
http://www.twitter.com/dotCMS
http://www.facebook.com/dotCMS
http://www.twitter.com/mabouza

Please consider the planet before printing this email.