From LifeType Wiki
Release notes for Lifetype 1.2.7
Description
Lifetype 1.2.7 is primarily a security release, though a number of issues with resources have been fixed as well.
Download
These are the links to the full Lifetype 1.2.7 packages:
If you are upgrading from Lifetype 1.2.6, packages are available that include only the new or modified files. These packages can be used to upgrade from Lifetype 1.2.6 only; they cannot be used to upgrade from 1.1.x or any other 1.2 release:
Lifetype upgrade package from 1.2.6 (.tar.gz)
Lifetype upgrade package from 1.2.6 (.zip)
New features
No new features have been introduced in LifeType 1.2.7.
Issues fixed
All 1.2.x versions prior to 1.2.7 are susceptible to a security bug that allows malicious users to upload disallowed files by using capitalized extensions (test.PHP or test.pHp). Once uploaded, the files can be executed, allowing an attacker to run any code they want with your user's privileges. See the announcement on the forums and the bug report.
In light of the security bug, a couple more .htaccess files were added, and the existing ones were made more secure. See the notes in gallery/.htaccess for ways to make it more secure than what we ship by default. Details are in the bug report.
Various bugs with resources, regenerating previews, resizing, etc. have been fixed.
The complete list of issues fixed in Lifetype 1.2.7, extracted from the project's bug tracking system:
1464: Capitalized extensions in resources (test.JPG) now work correctly
1460: PHP_NOTICE warning in 1.2.6: defaultFiltersRegistered
1467: Picture re-sizing issue
1473: Regenerate preview has various bugs
1476: Purge spam on trackbacks page doesn't work
1477: Security: upload_forbidden_files is being checked in a case-sensitive manner
1478: Add more .htaccess files to protect all of the appropriate directories (mostly for developers)
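The difference behind issue 1477, shown as an added example that is not LifeType's own code: the same forbidden-file list checked case-sensitively and case-insensitively against the file names mentioned above. The pattern list, its space-separated glob format and all function names are assumptions made for illustration.

```php
<?php
// Added example, not LifeType code. Constructed pattern list; assumes the
// forbidden-files setting is a space-separated list of glob patterns.
const FORBIDDEN_PATTERNS = '*.php *.php3 *.phtml *.pl *.cgi .htaccess';

/** Turn a glob pattern (* and ?) into a fully anchored regular expression. */
function globToRegex(string $glob, bool $caseInsensitive): string
{
    // preg_quote() escapes * and ? as \* and \?; map those back to wildcards.
    $body = strtr(preg_quote($glob, '/'), ['\*' => '.*', '\?' => '.']);
    // \A and \z anchor the whole name; "s" lets .* span embedded newlines.
    return '/\A' . $body . '\z/s' . ($caseInsensitive ? 'i' : '');
}

/** True if $name matches any pattern in the forbidden list. */
function matchesAny(string $name, bool $caseInsensitive): bool
{
    $globs = preg_split('/\s+/', FORBIDDEN_PATTERNS, -1, PREG_SPLIT_NO_EMPTY);
    foreach ($globs as $glob) {
        if (preg_match(globToRegex($glob, $caseInsensitive), $name) === 1) {
            return true;
        }
    }
    return false;
}

/** Flawed check: compares the name exactly as submitted. */
function isForbiddenCaseSensitive(string $name): bool
{
    return matchesAny($name, false);
}

/** Corrected check: letter case in the submitted name is ignored. */
function isForbidden(string $name): bool
{
    return matchesAny($name, true);
}

// Constructed sample names; test.PHP and test.pHp are the ones cited above.
foreach (['photo.jpg', 'test.php', 'test.PHP', 'test.pHp'] as $name) {
    printf(
        "%-10s case-sensitive: %-8s case-insensitive: %s\n",
        $name,
        isForbiddenCaseSensitive($name) ? 'blocked' : 'allowed',
        isForbidden($name) ? 'blocked' : 'allowed'
    );
}
```

The case-sensitive check blocks only test.php, while the case-insensitive check blocks all three PHP names and still allows photo.jpg.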
