Schoorbs 1.0.3 released
30Jun2008 Filed under: Gerneral Author: xhochySchoorbs 1.0.3 comes with a fix for the first detected security problem in Schoorbs ever (:-(). Despite it is a SQL injection vulnerability, it doesn’t give the users who could exploit it any more right since the affected code passage is only callable by administrators. Although this is a security release, a E-Mail-Logging-Backend is now included, so that one could be notified by mail if a booking will be created or edited. In short this has been done:
- Added a backend for logging via E-Mail
- Fixed SQL injection vulnerability in edit_area_room.php
Links:
3 Responses to “Schoorbs 1.0.3 released”
Leave a reply
About me
I'm a computer science student at the Karlsruhe
Institute of Technology. In my spare time I create some nice pieces of
software (mostly for the web), enjoy tuning some of my websites or volunteer
in a fantastic youth organisation.
Read more about me or
my projects.
April Fool
June 30th, 2008 at 4:48 pm
Can you supply a link to ‘how to upgrade’?
xhochy
June 30th, 2008 at 4:50 pm
Upgrading is simple:
1. Make a backup of your old Schoorbs-installation
2. Extract the new version
3. Copy over config.inc.php and schoorbs-includes/logging.configuration.php
4. Finished!
xhochy
July 6th, 2008 at 6:27 pm
Now the upgrade process documentation is available on the Schoorbs homepage too:
-> English: http://schoorbs.xhochy.com/enduser/upgrade.html
-> German: http://schoorbs.xhochy.com/endnutzer/upgrade.html