Schoorbs 1.0.3 released

30 Jun/08

Schoorbs 1.0.3 comes with a fix for the first security problem ever detected in Schoorbs (:-(). Although it is an SQL injection vulnerability, it does not give the users who could exploit it any additional rights, since the affected code is only callable by administrators. Although this is a security release, an e-mail logging backend is now included, so that one can be notified by mail when a booking is created or edited. In short, this has been done:

  • Added a backend for logging via E-Mail
  • Fixed SQL injection vulnerability in edit_area_room.php

Comments (3) Trackbacks (0)
  1. April Fool
    4:48 pm on June 30th, 2008

    Can you supply a link to ‘how to upgrade’?

  2. xhochy
    4:50 pm on June 30th, 2008

    Upgrading is simple:

    1. Make a backup of your old Schoorbs-installation
    2. Extract the new version
    3. Copy over config.inc.php and schoorbs-includes/logging.configuration.php
    4. Finished!

  3. xhochy
    6:27 pm on July 6th, 2008

    Now the upgrade process documentation is available on the Schoorbs homepage too:

    -> English: http://schoorbs.xhochy.com/enduser/upgrade.html
    -> German: http://schoorbs.xhochy.com/endnutzer/upgrade.html
