Schoorbs 1.0.3 released

Published
by
xhochy
on June 30, 2008
in Gerneral
. Tags: , , , , , , , , , , , , , , .

Schoorbs 1.0.3 comes with a fix for the first detected security problem in Schoorbs ever (:-(). Despite it is a SQL injection vulnerability, it doesn’t give the users who could exploit it any more right since the affected code passage is only callable by administrators. Although this is a security release, a E-Mail-Logging-Backend is now included, so that one could be notified by mail if a booking will be created or edited. In short this has been done:

  • Added a backend for logging via E-Mail
  • Fixed SQL injection vulnerability in edit_area_room.php

Links:

3 Responses to “Schoorbs 1.0.3 released”

Feed for this Entry Trackback Address
  1. 1 April Fool
    June 30, 2008 at 4:48 pm

    Can you supply a link to ‘how to upgrade’?

  2. 2 xhochy
    June 30, 2008 at 4:50 pm

    Upgrading is simple:

    1. Make a backup of your old Schoorbs-installation
    2. Extract the new version
    3. Copy over config.inc.php and schoorbs-includes/logging.configuration.php
    4. Finished!

  3. 3 xhochy
    July 6, 2008 at 6:27 pm

    Now the upgrade process documentation is available on the Schoorbs homepage too:

    -> English: http://schoorbs.xhochy.com/enduser/upgrade.html
    -> German: http://schoorbs.xhochy.com/endnutzer/upgrade.html

Leave a Reply