Stories
Slash Boxes
Comments

Slash Open Source Project

This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Slash 2.2.x vulnerabilities 5 Comments More | Login /

 Full
 Abbreviated
 Hidden
More | Login
Loading... please wait.

  • upgrading (Score:0)

    by Anonymous Coward
    How easy is it to upgrade from 2.0 to the 2.2.3? I've customized the templates an awful lot and don't really want to have to do it all over again. Does anyone have any tips?

    • Re:upgrading (Score:2)

      by pudge (6) on Thursday January 10 2002, @01:39PM (#3984) Homepage
      Note, again, you do NOT have to upgrade from 2.0 to 2.2.3. This vulnerability is only in 2.1 and up.

      • Re:upgrading (Score:0)

        by Anonymous Coward
        yes I realize that but I'm sure there are probably some things broke in 2.0 that are fixed in 2.2.3.
        • I didn't find it to hard. I think the most annoying change required me to update my dispStory template since there was a change in how topics were passed.
          --

          --
          You can't grep a dead tree.

      • Re:upgrading (Score:0)

        by Anonymous Coward
        2.0 does have security holes that are fixed by the `formkey' field in forms (assuming that it is used correctly). If you are logged in to a Slash 2.0 site you should not visit untrusted web sites (especially if logged in to an admin account) as the web page can cause your web browser to use your Slash account in malicious ways. This does not require JavaScript or any advanced functionality.

        Capt. Tofu was informed about this bug but I know of no effort made to inform the Slash-using population.