24 Nov
2005
24 Nov
'05
3:11 a.m.
Hi
On Thu 24. 11. 2005 08:19, Marc Delisle wrote:
Michal Čihař a écrit :
This doesn't allow us to ignore holes in libraries and will be in 2.7.1,
so 2.7.0 is still affected. I'll include that patch.
On Wed 23. 11. 2005 22:51, Marc Delisle wrote:
The one from debian? I think you fixed it with
* libraries/.htaccess: Deny access to libraries folder over HTTP. I counted 2 others, so I issued an alert for those
3 problems.
We should also handle in same announcement the new one I sent
recently. It looks to me like it is still not fixed... But I would put it in a new announcement, along with
the one
concerning HTTP_HOST, since they are both fixed in 2.7.0.
Instead of a backport to QA_2_6_4, I suggest to wait for 2.7.0's
release for an announcement.
Okay for me.
--
Michal Čihař | http://cihar.com
Regarding
the new one you just fixed, was it present in 2.6.4?
You mean the HTTP_HOST issue? Yes it is, related code is commented
to be from 2001/25/11...