[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security update for LedgerSMB 1.1

This leads to an interesting point for "newbies": how do you upgrade?
I am used to using php/mysql programs such as Joomla, where the
upgrade procedure is simply entering the room directory (in my case,
usually the website root /var/www/ directory) and "bombing" it with
the new files by unzipping a .tar.gzip right there.

On the other hand, I don't even really *know* where the "root"
directory of ledger-smb is (was just copying and pasting instructions
from the net in my command line, not really understanding the
subtleties or paying much attention to directories) and is the
"upgrade" procedure the same?

Please advise.

Matt J.

On 3/8/07, Chris Travers <..hidden..> wrote:

Earlier today a security vulnerability was reported to us which could
allow a non-authenticated user to access administrative functions.  We
have released 1.1.9 to fix this vulnerability.

Anyone who cannot upgrade is advised to put admin.pl behind some sort
of http authentication.

Best Wishes,
Chris Travers

Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
Ledger-smb-users mailing list