Update of viewvc from 1.1-dev to 1.1.3 to fix security issues?
Philip M. Gollucci
pgollucci at p6m7g8.com
Sun Jan 17 05:37:47 UTC 2010
On 1/13/2010 10:38 AM, Bruce Cran wrote:
> Hi,
>
> Having recently setup a ViewVC server myself, I noticed that
> http://svn.freebsd.org/viewvc is still reporting that it's using
> version 1.1-dev, which I presume is a version from before 1.1.0?
>
> Version 1.1.3 was released just before Christmas and fixed a couple of
> new security issues. I don't know what configuration is being used, but
> if you're running a version before 1.1.2 you might want to consider
> upgrading since they have an XSS flaw.
>
> Regards,
> Bruce Cran
>
IIRC, you can disable the 'views' in the viewvc.conf to work around that
without upgrading. but he I like upgrading.
--
------------------------------------------------------------------------
1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70 3F8C 75B8 8FFB DB9B 8C1C
Philip M. Gollucci (pgollucci at p6m7g8.com) c: 703.336.9354
VP Apache Infrastructure; Member, Apache Software Foundation
Committer, FreeBSD Foundation
Sr. System Admin, Ridecharge Inc.
Consultant, P6M7G8 Inc.
Work like you don't need the money,
love like you'll never get hurt,
and dance like nobody's watching.
More information about the freebsd-www
mailing list