Changes for page Application_MoinMoin

Last modified by Nicolas Gregoire on 2012/01/29 17:56
From version Icon 10.2 Icon
edited by Nicolas Gregoire
on 2012/01/25 10:53
Change comment: Added tag [wiki, 4Suite, unsafe, python, XEE]
To version Icon 11.1
edited by Nicolas Gregoire
on 2012/01/29 17:56
Change comment: There is no comment for this version

Summary

Details

Icon Page properties
Content
... ... @@ -9,7 +9,7 @@
9 9  By default, the 'allow_xslt' configuration option is set to False. __If__ this option is set to True, then "read/write/overwrite arbitrary path/file as the moin process uid/gidarbitrary" is possible. These bugs are triggered by inserting then displaying wiki pages containing XSLT code.
10 10  
11 11  
12 -This behavior was documented in version 1.9.3 : [[MoinMoin security page>>http://moinmo.in/SecurityFixes||rel="__blank"]], [[commit>>http://hg.moinmo.in/moin/1.9/rev/99e2309a7ec0||rel="__blank"]].
12 +This behavior was documented between versions 1.9.3 (June 2010) and 1.9.4 (should be released soon) : [[MoinMoin security page>>http://moinmo.in/SecurityFixes||rel="__blank"]], [[commit>>http://hg.moinmo.in/moin/1.9/rev/99e2309a7ec0||rel="__blank"]].
13 13  
14 14  = File disclosure =
15 15