Small width layout Medium width layout Maximum width layout Small text Medium text Large text
     Search
Downloads Downloads Directory Directory Forums Forums Forge Forge Blogs Blogs        Marketplace Marketplace Careers Program Careers
Community › Forums Register  |  

$4.95 Windows Hosting at Webhost4life.com
  Ads  
Engage Software - Training Partner for DotNetNuke
 


  Sponsors  

Meet Our Sponsors

SmarterTools
The Official Microsoft ASP.NET Website
Portal Webhosting - Hosting For Developers
Red-Gate Software
MaximumASP
SourceGear - Tools for Developers
 


DotNetNuke Forums
 
  Forum  General DotNetN...  Chat About It!  4.8.3 update: what changed?
Previous Previous
 
Next Next
New Post 5/30/2008 5:43 PM
User is offline cathal connolly
2829 posts
www.cathal.co.uk
5th Ranked










Re: 4.8.3 update: what changed? 

FYI: due to the difficulty in making the security issues logged in gemini public (the title or/and details would be very useful to potential hackers), I've decided that when we have a security related issue that ends up requiring a change in code, I will keep the original gemini issue private, but create a new issue that is public. This will have the title used in the security advisory and a link to the relevant page for further details. This should allow people to see all the issues worked on for a release, but still ensure that no sensitive information gets leaked.

Thanks,

Cathal
 
New Post 5/30/2008 8:26 PM
User is offline Brandon Haynes
721 posts
brandonhaynes.org
7th Ranked


Re: 4.8.3 update: what changed? 

 cathal connolly wrote

I will keep the original gemini issue private, but create a new issue that is public...

I came here to suggest exactly this approach, but see that you're a step ahead of me!  I appreciate your doing this.

Brandon

Brandon Haynes
BrandonHaynes.org
 
New Post 5/31/2008 2:58 AM
User is offline allingtm
15 posts
10th Ranked


Re: 4.8.3 update: what changed? 

Anyone know what is happening with XSS resolution found by Soroush Dalili?

Thanks

Marc.
 
New Post 5/31/2008 9:58 AM
User is offline Alex Shirley
2481 posts
5th Ranked




Re: 4.8.3 update: what changed? 

Not entirely sure here what this is Marc, but doing a search came up with this forums issue:

http://www.dotnetnuke.com/Community/Blogs/tabid/825/EntryID/1395/Default.aspx

Cathal may know more....

Well might as well promo one of my DNN sites as I'm here: http://www.snasty.co.uk
 
New Post 5/31/2008 3:09 PM
User is offline allingtm
15 posts
10th Ranked


Re: 4.8.3 update: what changed? 

 Alex Shirley wrote

Not entirely sure here what this is Marc, but doing a search came up with this forums issue:

http://www.dotnetnuke.com/Community/Blogs/tabid/825/EntryID/1395/Default.aspx

Cathal may know more....

Hi, Sorry I should have given a link: http://www.securityfocus.com/archive/1/492793 

Has anyone looked at how much of an issue this actually is and does anybody know if anything is being done about it?

Thanks
 
 Page 3 of 5Previous12345Next 
Previous Previous
 
Next Next
  Forum  General DotNetN...  Chat About It!  4.8.3 update: what changed?
 


Forum Policy

These Discussion Forums are dedicated to the discussion of the DotNetNuke Web Application Framework.

For the benefit of the community and to protect the integrity of the project, please observe the following posting guidelines:

1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DotNetNuke.
2. Discussion or promotion of DotNetNuke product releases under a different brand name are strictly prohibited.
3. No Flaming or Trolling.
4. No Profanity, Racism, or Prejudice.
5. Site Moderators have the final word on approving/removing a thread or post or comment.
6. English language posting only, please.
 


Dnaxp.Net
Dnaxp.Net offers a comprehensive base of information, resources, and support for DotNetNuke.
www.dnaxp.net 		DNNMasters - modules, consulting, development
DNNMasters developers are involved in DNN development since DNN 1.0.9 and today we offer a broad range of DNN related products and services including custom development of modules, help with ing third party modules for specific needs, general DNN technical support and administrative services.
www.dnnmasters.com 		Cygnusoft Custom Software
Cygnusoft has been providing cutting-edge custom software solutions for 20 years. Cygnusoft is also a leading start-up incubator, helping our partners build successful new businesses.
www.cygnusoft.com

DotNetNuke Corporation   Terms Of Use  Privacy Statement
DotNetNuke®, DNN®, and the DotNetNuke logo are trademarks of DotNetNuke Corporation
Hosted by MaximumASP