NewsFeaturesDownloadsDevelopmentSupportAbout Us

Release notes Lifetype 1.2.7

From LifeType Wiki

Contents

Release notes for Lifetype 1.2.7

Description

Lifetype 1.2.7 is primarily a security release, though a number of issues with resources have been fixed as well.

Download

These are the links to the full Lifetype 1.2.7 packages:

Lifetype 1.2.7 (.tar.bz2)

Lifetype 1.2.7 (.tar.gz)

Lifetype 1.2.7 (.zip)

If upgrading from Lifetype 1.2.6, there are packages available which only include new or modified files and will allow you to upgrade from Lifetype 1.2.6 only. These packages can not be used to upgrade from 1.1.x or any other 1.2 release:

Lifetype upgrade package from 1.2.6 (.tar.gz)

Lifetype upgrade package from 1.2.6 (.zip)

New features

No new features have been introduced in LifeType 1.2.7.

Issues fixed

All 1.2.x versions prior to 1.2.7 are susceptible to a security bug that allowed malicious users to upload disallowed files if they used capitalized extensions (test.PHP or test.pHp). Once uploaded, they could be executed, allowing an attacker to execute any code they wanted using your user's privileges. The announcement on the forums and the bug report.

In light of the security bug, a couple more .htaccess files were added, and existing ones made more secure. See the notes in gallery/.htaccess for ways to make it more secure than what we ship by default. The bug report

Various bugs with resources, regenerating previews, resizing, etc. have been fixed.

The complete list of issues fixed in Lifetype 1.2.7, extracted from the project's bug tracking system

1464: Capitalized extensions in resources (test.JPG) now work correctly

1460: PHP_NOTICE warning in 1.2.6: defaultFiltersRegistered

1467: Picture re-sizing issue

1473:Regenerate preview has various bugs

1476: Purge spam on trackbacks page doesn't work

1477: Security: upload_forbidden_files is being checked in a case-sensitive manner

1478: Add more .htaccess files to protect all of the appropriate directories (mostly for developers)