rejetto forum

Software => HFS ~ HTTP File Server => Topic started by: rejetto on September 14, 2014, 05:20:13 PM

Title: New version: 2.3c
Post by: rejetto on September 14, 2014, 05:20:13 PM

download @ http://www.rejetto.com/hfs/download

what's new
  Security fixes


in details
* files are reloaded when the timestamp has changed, not only when it's newer
- fixed Remote Command Execution CVE-2014-6287 (thanks to Daniele Linguaglossa)
- fixed CSRF (thanks to D.L.)
- fixed XSS on comments and upload (thanks to D.L.)
- program was stuck on lengthy disk harvesting
- filelist.tpl is now named hfs.filelist.tpl *

* edited by SilentPlliz

Title: Re: New version: 2.3c
Post by: LeoNeeson on September 16, 2014, 05:29:56 PM

I must say thank you, to both of you: Rejetto and Daniele Linguaglossa, for making this release. I'm very happy that Daniele finally did help Rejetto to fix this security issue. :)

PS: I owe an apology to you, Daniele. Because at first I thought that you were a 14-years-old hacker kid, who was bragging about it. I was wrong, and I give you my apology.

Title: Re: New version: 2.3c
Post by: Ligor on October 02, 2014, 05:01:44 AM

Thank you for the new and very fast versions 2.3*!

Unfortunately there is a user/pass problem since 2.3b (at least). After about one day uptime and fine work user and/or pass will not longer accepted until restart of hfs.