12.10.2006, 05:46 | #1 |
[TYPO3-announce] Security Bulletin TYPO3-20061010-1: fe_adminLib.inc
Maybe it would be worth creating a forum section like "Security" and listing vulnerabilities there?

Received via the mailing list:

----- Forwarded message from Michael Hirdes <dodger/typo3.org> -----

Date: Tue, 10 Oct 2006 15:43:07 +0200
From: Michael Hirdes <dodger/typo3.org>
To: typo3-announce/lists.netfielders.de
Subject: [TYPO3-announce] Security Bulletin TYPO3-20061010-1: fe_adminLib.inc

Dear users of TYPO3,

A Cross-Site-Scripting (XSS) problem has been discovered in fe_adminLib.inc.
The "backURL" parameter is not escaped correctly. A prepared URL could potentially contain some unwanted JavaScript code.

A patched version has been released under [1].
The upcoming release 4.0.3 of TYPO3 will contain this patch.

Please see [1] for instructions on how to patch your installations.

Also, the TYPO3 Security Cookbook has been released under [2]; please have a look at this.

on behalf of the Security Team,
Michael Hirdes

[1] http://typo3.org/teams/security/secu...o3-20061010-1/
[2] http://typo3.org/teams/security/

--
TYPO3 Security Team
http://typo3.org/teams/security
_______________________________________________
TYPO3-announce mailing list
TYPO3-announce/lists.netfielders.de
http://lists.netfielders.de/cgi-bin/...typo3-announce

----- End forwarded message -----

--
---- WBR, Michael Shigorin <mike@altlinux.ru>
------ Linux.Kiev http://www.linux.kiev.ua/
_______________________________________________
TYPO3-russia mailing list
TYPO3-russia@lists.netfielders.de
http://lists.netfielders.de/cgi-bin/...o/typo3-russia