[TYPO3-english] mm_forum security update shows now changes against previous version?

Christopher Lörken lists at bytro.com
Tue Mar 16 17:32:31 CET 2010


Hi,

as announced in today's typo3-announce mail [1] and security advisory 
[2], the mm_forum extension shows cross site scripting vulnerabilities.

Since we have adjusted parts of the code I will have to look at the 
changes and merge them into our version. I've downloaded the brand new 
t3x file for version 1.8.3 from the extension repository and compared it 
against the SVN snapshot of the previous 1.8.2. But: I found no changes...

The forge SVN does not yet contain a 1.8.3 tag, the current trunk 
version shows no commits regarding critical security fixes and since the 
current t3x file is exactly the same as that of version 1.8.2, I'd 
really like to know what are the changes and what are the 
vulnerabilities...?


Does anyone have more information?

Thanks in advance and best wishes,
Christopher


----
[1] http://lists.typo3.org/pipermail/typo3-announce/2010/000149.html
[2] http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-007/


More information about the TYPO3-english mailing list