Changes for page Application_MoinMoin

Last modified by Nicolas Gregoire on 2012/01/29 17:56
From version Icon 10.1 Icon
edited by Nicolas Gregoire
on 2012/01/24 22:31
Change comment: There is no comment for this version
To version Icon 11.1
edited by Nicolas Gregoire
on 2012/01/29 17:56
Change comment: There is no comment for this version

Summary

Details

Icon Page properties
Tags
... ... @@ -1,0 +1,1 @@
1 +wiki|4Suite|unsafe|python|XEE
Content
... ... @@ -9,7 +9,7 @@
9 9  By default, the 'allow_xslt' configuration option is set to False. __If__ this option is set to True, then "read/write/overwrite arbitrary path/file as the moin process uid/gidarbitrary" is possible. These bugs are triggered by inserting then displaying wiki pages containing XSLT code.
10 10  
11 11  
12 -This behavior was documented in version 1.9.3 : [[MoinMoin security page>>http://moinmo.in/SecurityFixes||rel="__blank"]], [[commit>>http://hg.moinmo.in/moin/1.9/rev/99e2309a7ec0||rel="__blank"]].
12 +This behavior was documented between versions 1.9.3 (June 2010) and 1.9.4 (should be released soon) : [[MoinMoin security page>>http://moinmo.in/SecurityFixes||rel="__blank"]], [[commit>>http://hg.moinmo.in/moin/1.9/rev/99e2309a7ec0||rel="__blank"]].
13 13  
14 14  = File disclosure =
15 15