Plesk SQL Injection patch

Posted: Mon Sep 24, 2007 5:48 pm
by breun
Has everyone seen this one? No hotfix packages have been released, I believe, but there's a 'manual' fix available in that KB article. Plesk 8.0.0, 8.0.1, 8.1.0 and 8.2.0 are affected (8.1.1 somehow isn't).

Posted: Tue Sep 25, 2007 10:05 am
by scott
Is that fixed in 8.2.1? I haven't tested it out yet. We added a test for it into the upcoming ASL release.

Posted: Tue Sep 25, 2007 10:40 am
by breun
The 8.2.1 changelogs are not available yet, I believe. http://www.swsoft.com/en/download/plesk82/ currently still lists 8.2.0. I guess they fixed this in 8.2.1 though.

Posted: Tue Sep 25, 2007 5:22 pm
by breun
Changelog found via http://www.swsoft.com/en/download/plesk/patches/ for Plesk 8.2.1 build82070918.10:
[*] Security improvements and bugfixes
[*] Upgrade procedure improvements
[-] Several autoinstaller utility bugs with packages checking and mirroring have been resolved
[-] Several selinux configuration issues have been resolved.
[-] Several Backup and Migration bugs have been fixed.
[-] Issue with mail stuck in qmail-queue is resolved.
[-] Issue with sending notifications about domain expiration by statistics utility is resolved.
[-] Issue with permanent Spamassassin restarting by Watchdog is resolved.
[-] Problem with incorrect message("Management of parent node is forbidden") after domain deletion is resolved.
[-] Issue with mailing lists with dot symbols is resolved
[-] Issue with php safe mode management by client is resolved.
[-] Issue with incorrect php dependences of 'coppermine' and 'gallary' packages is resolved.
[-] Several issues with MySQL packages from mysql.com compatibility have been resolved.
[-] Issue with mysqldump.sh utility is resolved.