
Immediate security release of Dragonfly 9.3.3.1


I found a new less critical Dragonfly security advisory secunia.com/advisories/47999/

Therefore I released Dragonfly 9.3.3.1, which solves the XSS (Cross Site Scripting) report.

There is a slight chance some things might not work properly anymore, as I modified cmsinit.inc to block any request that contains:
  • <script
  • <object
  • <iframe

Download update

For a manual patch see:
/includes/cmsinit.inc?d=10.25-10.24
/modules/coppermine/thumbnails.php?d=9.2-9.1

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Fedora 25 / Apache 2.4.27 / MariaDB 10.1.26 / PHP 7.1.10 / Mercurial
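
Added example, not part of the original post and not Dragonfly's actual cmsinit.inc code: a sketch of the kind of request filter the announcement describes, assuming a case-insensitive substring match over request parameters (function names are hypothetical). The third constructed sample shows legitimate text being blocked, which is the side effect the post warns about.

```php
<?php
// Illustration only; names and matching rules are assumptions, not the project's code.
const BLOCKED_TOKENS = ['<script', '<object', '<iframe'];

/** Return the first blocked token found in a scalar or nested array, or null. */
function find_blocked_token($value): ?string
{
    if (is_array($value)) {
        foreach ($value as $key => $item) {
            // Parameter names come from the client too, so check keys as well.
            $hit = find_blocked_token((string) $key) ?? find_blocked_token($item);
            if ($hit !== null) {
                return $hit;
            }
        }
        return null;
    }
    foreach (BLOCKED_TOKENS as $token) {
        if (stripos((string) $value, $token) !== false) { // case-insensitive
            return $token;
        }
    }
    return null;
}

/** Reject the request early, before any module code runs. */
function reject_if_blocked(array ...$sources): void
{
    foreach ($sources as $source) {
        if (find_blocked_token($source) !== null) {
            http_response_code(403);
            exit('Request blocked');
        }
    }
}
// In a front controller: reject_if_blocked($_GET, $_POST, $_COOKIE);

// Constructed sample inputs standing in for request arrays.
$samples = [
    ['album' => '12', 'page' => '2'],
    ['q' => ['nested' => 'text <IFRAME src=x>']],
    ['comment' => 'I wrote a <script> tutorial'], // legitimate text, still blocked
];
foreach ($samples as $sample) {
    printf("%s => %s\n", json_encode($sample), find_blocked_token($sample) ?? 'allowed');
}

// A request filter is a stopgap; user data should also be encoded on output.
echo htmlspecialchars('<b>user text</b>', ENT_QUOTES, 'UTF-8'), "\n";
```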


Thank you, patched.

www.greenday2k.net

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):


Thanks for posting to Forums!

And just to note that cmsinit.inc change is not (yet) in CVS for v9.

Pro_News CM™ - Content Management for Dragonfly CMS™

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Linux / 1.3.39 - 2.4.9 / 5.5.42 - 5.6.16 / 5.4.37 - 5.5.11 / 9.4


layingback wrote
And just to note that cmsinit.inc change is not (yet) in CVS for v9.

Correct, I didn't have time to figure out where it went.
Maybe Nano can?

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Fedora 25 / Apache 2.4.27 / MariaDB 10.1.26 / PHP 7.1.10 / Mercurial


:lol: Just didn't want it forgotten.

It's the next in the 9.142.2.xx series.

Pro_News CM™ - Content Management for Dragonfly CMS™

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Linux / 1.3.39 - 2.4.9 / 5.5.42 - 5.6.16 / 5.4.37 - 5.5.11 / 9.4


For manually patching v9, download:

v.9.1.10.1 modules/coppermine/thumbnails.php from file history

v.9.142.2.19 includes/cmsinit.inc from file history

While you're there, also grab
v.9.39.2.9 modules/Forums/viewtopic.php from file history for another recent minor bugfix

.:: I met php the 03 December 2003 :: Unforgettable day! ::.

Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
CloudLinux / Apache 2.4 LSAPI / MySQLi 5.6 / PHP 5.6 / DCVS
