Recent posts (max 2) - Browse or Archive for more

Maia 1.0.2c Released (minor maintenance)

A very minor update (1.0.2c) was released today to fix a feature we inadvertently broke with our recent security fix. Wildcards (* and ?) were no longer being accepted in new user-submitted whitelist and blacklist entries (see #558); pre-existing entries containing wildcards were unaffected, only attempts to add new entries containing wildcards were being rejected.

The fix is equally small: a one-line edit (see [1513]).

Thanks to Jan Arve Nygård for spotting this! :)

Maia 1.0.2b Released (security release)

A recent code audit revealed a cross-site scripting vulnerability in several of the PHP scripts included in versions up to and including 1.0.2a (see #557 for details), and these have been fixed in the 1.0.2b release, which is strongly recommended for all installations that are currently running any of the affected versions. The pre-release 1.0.3 (SVN) is unaffected by this vulnerability.

Users upgrading from 1.0.2a can simply apply the patch from [1511]; users of older versions are urged to download the 1.0.2b tarball from the Files page.