Schoorbs 1.0.3 released

30
Jun/083

Schoorbs 1.0.3 comes with a fix for the first detected security problem in Schoorbs ever (:-(). Despite it is a SQL injection vulnerability, it doesn’t give the users who could exploit it any more right since the affected code passage is only callable by administrators. Although this is a security release, a E-Mail-Logging-Backend is now included, so that one could be notified by mail if a booking will be created or edited. In short this has been done:

Added a backend for logging via E-Mail
Fixed SQL injection vulnerability in edit_area_room.php

Links:

Tagged as: backend, booking, injection, logging, mail, mrbs, mysql, php, postgresql, release, resource, room, schoorbs, sql, stable

3 Comments

Comments (3) Trackbacks (0) ( subscribe to comments on this post )

April Fool
4:48 pm on June 30th, 2008
Can you supply a link to ‘how to upgrade’?
xhochy
4:50 pm on June 30th, 2008
Upgrading is simple:

1. Make a backup of your old Schoorbs-installation
2. Extract the new version
3. Copy over config.inc.php and schoorbs-includes/logging.configuration.php
4. Finished!
xhochy
6:27 pm on July 6th, 2008
Now the upgrade process documentation is available on the Schoorbs homepage too:

-> English: http://schoorbs.xhochy.com/enduser/upgrade.html
-> German: http://schoorbs.xhochy.com/endnutzer/upgrade.html

No trackbacks yet.

XhochY english flavoured stories

Schoorbs 1.0.3 released

Leave a comment

Pages

Categories

Blogroll

Archive

Meta