v4.0.1 Released - Security Update
posted by Egg @ 11:03am, Friday 28 March 2008.
An update has been released and is now available to download for eggBlog.
There is a possible cookie based SQL injection threat that has been removed in this update, as has the requirement for FreeType support.
When updating from pre-v4.0rc3, you will need to manually update your /config.php file to the new language file (from en-uk to en_gb). Then edit your config file through the administration area and save - this will create the neccessary new "tag flag" and "MySQL Database" setting.
Major updates include:
- possible cookie based SQL injection threat
- FreeType (TTF) based captcha replaced with GDF support
Download
Download the latest version of eggBlog from:
http://eggblog.net/download.php
Installation & Upgrading
Full details are available online at:
http://eggblog.net/news.php?id=5
Themes
Download additional themes to completely change the look of your site.
The full change log:
4.0.1 (2008-03-28)
- update check added to admin homepage
- kill cookies & sessions on installation
- bug: possible cookie based SQL injection - thanks to girex.altervista.org
- bug: removed requirement of FreeType for captcha
- bug: requirement of FreeType library removed
- bug: error in upgrade_3to4.php removed
- bug: session/cookie names include domain names for increased security
Comments
How stable is this version
Don Mongolian - 12:38pm, Saturday 14 June 2008.
Very, it wouldn't be released if it wasn't.
Egg - 5:56pm, Tuesday 17 June 2008.
interesante
Don Mongolian - 1:46am, Wednesday 18 June 2008.
Submit Your Comment
You are not logged in.