Security vulnerabilities OO < 9.1


glareff

Sep 29, 2014, 3:22:51 AM
to open...@googlegroups.com
Dear Devs,

Regarding your statement 11/8/2013 at https://groups.google.com/forum/#!topic/openolat/vFkDt_z29ng

"it also addresses severe security vulnerability recently discovered in a security audit throughout the entire system"

We are running a modified OO version 8.4 in our environment. Unfortunately upgrading is a costly option for us, due to the number of modifications that we have carried out on the 8.4 codebase. The presence of a known vulnerability is a huge problem, so I am trying to find any information about it (JIRA does not allow me to look up OO-689). Would you perhaps be so kind as to share the nature and details of the vulnerability and what you did to fix it?

Many thanks and best regards,
Ilya

Florian Gnägi

Sep 29, 2014, 4:23:04 AM
to open...@googlegroups.com
Hi Ilya

Have a look at 


maybe more in other commit sets. 

Old OpenOLAT (and OLAT) versions are not properly hardened against XSS attacks. Consider upgrading to 10.0 instead of patching your code. You will have many other benefits from upgrading to OpenOLAT 10 (which we will introduce on this list today or tomorrow).

Cheers
Florian


--------------------------------------------------------------------
professional services for the e-learning system OpenOLAT and OLATpro
 hosting - operating - support - development - mobile - consulting
--------------------------------------------------------------------

frentix  GmbH
Florian Gnägi, Geschäftsführer
Hardturmstrasse 76
CH-8005 Zürich, Switzerland

skype:gnaegi  twitter:gnaegi  xing:Florian_Gnaegi 
--------------------------------------------------------------------
glareff

Sep 29, 2014, 4:34:03 AM
to open...@googlegroups.com
Thanks a lot Florian!