rejetto forum

New version: 2.3c

0 Members and 1 Guest are viewing this topic.

Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13310
    • View Profile
download @

what's new
  Security fixes

in details
* files are reloaded when the timestamp has changed, not only when it's newer
- fixed Remote Command Execution CVE-2014-6287 (thanks to Daniele Linguaglossa)
- fixed CSRF (thanks to D.L.)
- fixed XSS on comments and upload (thanks to D.L.)
- program was stuck on lengthy disk harvesting
- filelist.tpl is now named hfs.filelist.tpl *

* edited by SilentPlliz
« Last Edit: December 22, 2014, 03:45:01 PM by SilentPliz »

Offline LeoNeeson

  • Tireless poster
  • ****
    • Posts: 768
  • Status: On hiatus (sporadically here)
    • View Profile
I must say thank you, to both of you: Rejetto and Daniele Linguaglossa, for making this release. I'm very happy that Daniele finally did help Rejetto to fix this security issue. :)

PS: I owe an apology to you, Daniele. Because at first I thought that you were a 14-years-old hacker kid, who was bragging about it. I was wrong, and I give you my apology.

Offline Ligor

  • Occasional poster
  • *
    • Posts: 1
    • View Profile
Thank you for the new and very fast versions 2.3*!

Unfortunately there is a user/pass problem since 2.3b (at least). After about one day uptime and fine work user and/or pass will not longer accepted until restart of hfs.