There is a new security fix available for Lucee 4.5
--
See Lucee at CFCamp Oct 22 & 23 2015 @ Munich Airport, Germany - Get your ticket NOW - http://www.cfcamp.org/
---
You received this message because you are subscribed to the Google Groups "Lucee" group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/f2879cb8-ebfa-414c-b8c9-556276e10d17%40googlegroups.com.
The fix is addressing a XSS issue in the Lucee admin. The issue gives you no access to the system.
--
See Lucee at CFCamp Oct 22 & 23 2015 @ Munich Airport, Germany - Get your ticket NOW - http://www.cfcamp.org/
---
You received this message because you are subscribed to the Google Groups "Lucee" group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/CAKS-b5tE3acCcbf15-nZNAvkXYbpNinjtv4-o5ONsrJ7w10Y8g%40mail.gmail.com.
if you have locked down "/lucee/" you are fine.
--
See Lucee at CFCamp Oct 22 & 23 2015 @ Munich Airport, Germany - Get your ticket NOW - http://www.cfcamp.org/
---
You received this message because you are subscribed to the Google Groups "Lucee" group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+un...@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/CAKS-b5t_xkotFUqMAY-BURmJkcp4DqyNhAZhwsGL2dk%2BRezYUw%40mail.gmail.com.
Sure we can improve our communication on this, luckily with have not that many security fixes ;-)I'm happy that we had this time a security fix for the stable release, so you don't have to update to the latest BER release to get the fix.
On 6 August 2015 at 15:01, Michael Offner <mic...@lucee.org> wrote:if you have locked down "/lucee/" you are fine.
Cheers.
This means for most people there is no rush to patch. Certainly Pete's HackMyCf service will moan if you haven't restricted it's access :-)
@Phil4.5.1.023 is now on the bitbucket download page, for some reason the previous attempt to upload it failed.we have also published 4.5.1.023 on the preview channel now.