The vB Geek

The vB Geek (http://www.thevbgeek.com/index.php)
-   Geek Article and Review System (http://www.thevbgeek.com/forumdisplay.php?f=26)
-   -   GARS 2.1.8b & 2.1.8c release discussion (http://www.thevbgeek.com/showthread.php?t=3306)

The Geek 05-28-2007 08:56 PM

GARS 2.1.8b & 2.1.8c release discussion
 
1 Attachment(s)
As much as I hate releasing another update so soon after the last one, it has come to my attention of a potential XSS flaw in all versions of GARS previous to 2.1.8b

There are 3 options for fixing this issue:
  • If you are running GARS 2.1.8, then download the latest package and upload the following files from the new package (you do not have to update your product xml):
    • geek/gars/includes/gars_class_core.php
    • geek/gars/includes/gars_class_page.php
  • If you are running a version older than 2.1.8 then I stongly suggest that you upgrade to 2.1.8b to take full advantage of bug fixes (inluding this security fix). Please check out the 2.1.8 release thread on upgrading.
  • If you can not currently upgrade GARS but want to apply the fixes, you can manually edit the 2 affected files by following the text file attached to this post.
Please leave this thread open for discussion of 2.1.8b. Post bugs or feature requests in Project Tools or start a new thread to troubleshoot.
FYI, the latest package is 2.1.8c. Read here

Quisaz Haderach 05-28-2007 09:13 PM

Thank you for providing fast that patch for the security issue :eek:
Take care :rolleyes:

Ranma 05-28-2007 09:50 PM

Thanks for the update

Chief Corn 05-28-2007 11:17 PM

just upgraded from 2.0.2 to 2.1.8b and it seems to be functioning ok now. i had a problem with an invalid sql column 'gcv.gars6' in 'field list' but i think cleaning the cache and/or rebuilding custom field title and descriptions fixed it.

cupra 05-28-2007 11:45 PM

installd - thx a lot for that update the geek = your doing a great work !

florino 05-29-2007 12:48 AM

Thank you !!

Loco 05-29-2007 06:00 AM

I didn't even see the 2.1.8 release, guess I know one thing I'll be doing this week.

Thanks for keeping us secure :)

Hornstar6969 05-29-2007 06:28 AM

never a problem when it is dealing with security. thanks.

artsin 05-29-2007 07:31 PM

Has thanked installs and it functions wonderfully

efil 06-02-2007 08:35 PM

problem after upgrade
 
1 Attachment(s)
Hi,
After upgrade to 2.1.8b , i get this (see pic) where ever there is (").
It's
happen only in Forumdisplay. (my forum is in hebrew).


All times are GMT. The time now is 09:12 PM.

Powered by vBulletin® Version 3.8.5
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.