Hi
On Thu 24. 11. 2005 08:19, Marc Delisle wrote:
Michal Čihař wrote:
On Wed 23. 11. 2005 22:51, Marc Delisle wrote:
I counted 2 others, so I issued an alert for those 3 problems.
We should also handle in the same announcement the new one I sent recently. It looks to me like it is still not fixed...
The one from Debian? I think you fixed it with
- libraries/.htaccess: Deny access to libraries folder over HTTP.
This doesn't allow us to ignore holes in libraries and will be in 2.7.1, so 2.7.0 is still affected. I'll include that patch.
But I would put it in a new announcement, along with the one concerning HTTP_HOST, since they are both fixed in 2.7.0.
Regarding the new one you just fixed, was it present in 2.6.4?
You mean the HTTP_HOST issue? Yes, it is; the related code is commented to be from 2001/25/11...
Instead of a backport to QA_2_6_4, I suggest waiting for 2.7.0's release for an announcement.
Okay for me.