Plesk SQL Injection patch

Post by breun

Has everyone seen this one? No hotfix packages have been released, I believe, but there's a 'manual' fix available in that KB article. Plesk 8.0.0, 8.0.1, 8.1.0 and 8.2.0 are affected (8.1.1 somehow isn't).
Lemonbit Internet Dedicated Server Management
scott
Atomicorp Staff - Site Admin
Post by scott

Is that fixed in 8.2.1? I haven't tested it out yet. We added a test for it into the upcoming ASL release.
Post by breun

The 8.2.1 changelogs are not available yet, I believe. http://www.swsoft.com/en/download/plesk82/ currently still lists 8.2.0. I guess they fixed this in 8.2.1 though.
Post by breun

Changelog found via http://www.swsoft.com/en/download/plesk/patches/ for Plesk 8.2.1 build82070918.10:
[*] Security improvements and bugfixes
[*] Upgrade procedure improvements
[-] Several autoinstaller utility bugs with packages checking and mirroring have been resolved
[-] Several selinux configuration issues have been resolved.
[-] Several Backup and Migration bugs have been fixed.
[-] Issue with mail stuck in qmail-queue is resolved.
[-] Issue with sending notifications about domain expiration by statistics utility is resolved.
[-] Issue with permanent Spamassassin restarting by Watchdog is resolved.
[-] Problem with incorrect message ("Management of parent node is forbidden") after domain deletion is resolved.
[-] Issue with mailing lists with dot symbols is resolved
[-] Issue with php safe mode management by client is resolved.
[-] Issue with incorrect php dependencies of 'coppermine' and 'gallary' packages is resolved.
[-] Several issues with MySQL packages from mysql.com compatibility have been resolved.
[-] Issue with mysqldump.sh utility is resolved.