
Release notes Lifetype 1.2.11

Release notes for Lifetype 1.2.11

Description

Lifetype 1.2.11 is mostly a security release in the 1.2 series, though there are a handful of bug fixes as well.

Security fix #1: Versions of LifeType prior to 1.2.11 contain a cross-site request forgery (CSRF) bug: mischievous visitors can trick LifeType administrators into viewing certain web pages and thereby modify their blog. A new plugin, named CSRF, has been created to combat this problem. Unlike regular plugins, this plugin does not work with every LifeType 1.2.x release; it works only with releases 1.2.11+. It comes installed by default. See the forum message for a further explanation of some workarounds and issues with this new security model.

Security fix #2: The LifeType team was notified of a cross-site scripting vulnerability that allows a malicious visitor of the blog to put a malformed referer header into the database, which would then be executed when a blog administrator views the statistics pages in the administration interface. Once you have updated to 1.2.11 or later, you are safe from previous and future attacks.
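
The two defences that apply to a stored Referer value of the kind described in security fix #2 are validation when the header is recorded and HTML encoding when the statistics page is rendered. The PHP below is an added example, not LifeType code and not a description of how 1.2.11 implements the fix; the function names `normalize_referer` and `render_referer_row` and the sample header values are hypothetical and constructed for illustration.

```php
<?php
// Added illustration, not LifeType source. Function names are hypothetical.

// Ingestion: keep only absolute http(s) URLs of bounded length, else store null.
function normalize_referer(?string $raw, int $maxLen = 2048): ?string
{
    if ($raw === null || $raw === '' || strlen($raw) > $maxLen) {
        return null;
    }
    // Reject control characters (CR/LF, NUL, ...) outright.
    if (preg_match('/[\x00-\x1F\x7F]/', $raw)) {
        return null;
    }
    $parts = parse_url($raw);
    if ($parts === false || empty($parts['host'])) {
        return null;
    }
    $scheme = strtolower($parts['scheme'] ?? '');
    if ($scheme !== 'http' && $scheme !== 'https') {
        return null; // non-web schemes must never become clickable links
    }
    return $raw;
}

// Output: encode for the HTML context at render time, whatever was stored.
function render_referer_row(?string $stored, int $hits): string
{
    if ($stored === null) {
        return '<tr><td>(none)</td><td>' . $hits . '</td></tr>';
    }
    $safe = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<tr><td><a href="' . $safe . '" rel="noreferrer noopener">'
         . $safe . '</a></td><td>' . $hits . '</td></tr>';
}

// Constructed sample Referer header values.
$samples = [
    'https://example.org/search?q=lifetype&lang=en',
    '"><script>alert(1)</script>',
    'javascript:alert(1)',
    "http://example.org/\r\nX-Injected: 1",
];
foreach ($samples as $raw) {
    echo render_referer_row(normalize_referer($raw), 1), "\n";
}
// A row stored before validation existed still renders as inert text:
echo render_referer_row('"><script>alert(1)</script>', 1), "\n";
```

Encoding at output is what neutralises values that were already in the database before validation was introduced; validation at ingestion only limits what gets stored from then on.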

Download

These are the links to the full Lifetype 1.2.11 packages:

Lifetype 1.2.11 (.tar.bz2)

Lifetype 1.2.11 (.tar.gz)

Lifetype 1.2.11 (.zip)

If upgrading from Lifetype 1.2.10, there are packages available which only include new or modified files and will allow you to upgrade from Lifetype 1.2.10 only. These packages cannot be used to upgrade from 1.1.x or any other 1.2.x release:

Lifetype upgrade package from 1.2.10 (.tgz)

Lifetype upgrade package from 1.2.10 (.zip)

Important notes

NOTE: If you are still running PHP 4, make sure to check out this bug report to avoid a menutabs error in the administration section.

New features

TinyMCE was upgraded to the latest release, and our plugins were upgraded to work with the latest browsers.

Issues fixed

Template Editor plugin had a problem in Internet Explorer

Some custom URL changes, see the link below for more details if anything is broken on your blog after upgrading.

Complete list of changes