EMERGENCY! Major security hole in 1.74.8 fixed in 1.74.9.

mdipierro

Feb 1, 2010, 2:56:11 PM
to web2py-users
User sveinh has discovered a major security hole in 1.74.8. This is
really major and you should immediately upgrade to 1.74.9.

I apologize for this.

Massimo

Thadeus Burgess

Feb 1, 2010, 3:16:08 PM
to web...@googlegroups.com
Does this apply to <= 1.74.7?

-Thadeus

Timothy Farrell

Feb 1, 2010, 4:23:02 PM
to web...@googlegroups.com
Which version was the bug introduced in? My production environment runs
an older version than my dev environment.

mdipierro

Feb 1, 2010, 4:36:50 PM
to web2py-users
I am trying to find out. I know it is not in 1.74.1.

Timothy Farrell

Feb 1, 2010, 4:39:23 PM
to web...@googlegroups.com
If you know where it is in the code you can always: bzr blame <filename>

That will give you the revision number. From that you should be able to
determine the date and then version number.

mdipierro

Feb 1, 2010, 4:42:00 PM
to web2py-users
I ran some tests. This affects 1.74.8 and 1.74.7 ONLY. It does not
affect previous versions.

Massimo

mr.freeze

Feb 1, 2010, 4:51:01 PM
to web2py-users
Can you give us details on the exploit? I would like to run my own
tests. If you don't want to disclose it publicly, can you send an
email?