Security fixes from Tim Coen (file upload, comment token escaping, 2k11 js comment name escaping)

2015-07-24 13:27:21 +02:00
parent c4f9b721e7
commit 00be5d7b4c
7 changed files with 21 additions and 10 deletions
--- a/docs/NEWS
+++ b/docs/NEWS
@ -60,6 +60,17 @@ Version 2.1 ()
 Version 2.0.2 ()
 ------------------------------------------------------------------------

+    * Fix security issues reported by Tim Coen of Curesec.com:
+
+      - Forbid uploading files with PHP contents and possible
+        PHP execution by authenticated users (critical if
+        you have possible untrustworthy authors)
+      - Add proper escaping for comment approval tokens to prevent
+        SQL injection (authenticated authors only)
+      - Add proper escaping of comment's author names in the       
+        comment reply form to prevent XSS (2k11 template, javascript
+        based)
+
    * CKEDITOR bugfix releases to 4.4.8 - please read the changelog.
      Including widget, lineutils, fakeobjects Plugins and S9y added
      cheatsheet and procurator Plugins.
--- a/docs/RELEASE
+++ b/docs/RELEASE
@ -1,2 +1,2 @@
-stable:2.0.1
-beta:2.0.1
+stable:2.0.2
+beta:2.0.2