Re: Security update for LedgerSMB 1.1

["Matt Jackson" <..hidden..>]

This leads to an interesting point for "newbies": how do you upgrade?
I am used to using php/mysql programs such as Joomla, where the
upgrade procedure is simply entering the room directory (in my case,
usually the website root /var/www/ directory) and "bombing" it with
the new files by unzipping a .tar.gzip right there.

On the other hand, I don't even really *know* where the "root"
directory of ledger-smb is (was just copying and pasting instructions
from the net in my command line, not really understanding the
subtleties or paying much attention to directories) and is the
"upgrade" procedure the same?

Please advise.

Best,
Matt J.

On 3/8/07, Chris Travers <..hidden..> wrote:
> Hi;
>
> Earlier today a security vulnerability was reported to us which could
> allow a non-authenticated user to access administrative functions.  We
> have released 1.1.9 to fix this vulnerability.
>
> Anyone who cannot upgrade is advised to put admin.pl behind some sort
> of http authentication.
>
> Best Wishes,
> Chris Travers
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys-and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Ledger-smb-users mailing list
> ..hidden..
> https://lists.sourceforge.net/lists/listinfo/ledger-smb-users


--
Regards,
Matt