Hello,
I've just released Thumblist 83Qb, available from:
http://www.pmwiki.org/wiki/Cookbook/ThumbList
http://galleries.accent.bg/pub/thumblist2.php.txt
http://galleries.accent.bg/pub/thumblist2-actions.php.txt
The primary purpose of this release is to close a potential security
vulnerability that could allow an attacker to consume a fair amount of server
resources (CPU, RAM, ...). No known actual exploits of this vulnerability
have been reported, but all users are urged to upgrade.
For those who are running older versions of Thumblist, the vulnerability can
be avoided by either:
* upgrading to this release, or
* disabling the recipe, or
* restricting page and gallery editing privileges to trusted individuals,
  notably by setting an edit/upload password [1] *and* restricting gallery
  creation to authenticated users in config.php:
    $HandleAuth['createthumb'] = 'edit';
Before upgrading, please read the installation instructions and the release
notes:
http://www.pmwiki.org/wiki/Cookbook/ThumbList
http://galleries.accent.bg/Thumblist2/NewInVersion2
If upgrading poses a difficulty for any site, please contact me at
5ko <snail> 5ko.fr for assistance, and a patch for older versions of
Thumblist can be made available.
Comments, questions welcome as always.
Thanks,
Petko
[1] http://www.pmwiki.org/wiki/PmWiki/PasswordsAdmin
_______________________________________________
pmwiki-announce mailing list
pmwiki-announce pmichaud.com
http://host.pmichaud.com/mailman/listinfo/pmwiki-announce