Nikolas
Mon 27 March 2006, 06:00 pm GMT +0200
Once again, a critical security hole has been discovered in phpAdsNew.
So if you are using phpAdsNew you should upgrade your copy immediately.
Here is the changelog for that version:
Notes:
CRITICAL BUGFIX RELEASE
phpAdsNew 2.0.8 was released to fix multiple vulnerabilities that were recently
discovered. The major changes and fixes are:
- Fixed HTML injection and XSS in the login form and banner delivery;
- Improved compatibility with MySQL 5 running in strict SQL modes;
- Updated the documentation adding PDF bookmarks and a new licensing model.
Every user is urged to upgrade!
The release contains also some other bug fixes and improvements: see the
changelog for more details.
Changes:
+ Misc changes
- 2006-01-24: Added support for MySQL 4.1+ and 5+ running ANSI or strict
modes, by explicitly setting the SQL mode (Matteo)
- 2006-03-26: Updated documentation licence and added PDF bookmarks for
easier navigation (Niels, Matteo)
+ Misc bugfixes
- 2005-11-20: Views and clicks for non-existing banners were wrongly
assigned to an unnamed hidden campaign (Matteo, thanks to
C. Viebrock)
- 2005-11-20: Fixed some incompatibilities in SWF converter because of a
missing NULL byte (Matteo)
- 2005-12-07: Geotargeting wasn't correctly working when using local
invocation inside a PHP function - bug #1374437 (Matteo,
thanks to D. Kraft)
- 2005-12-23: Fixed possible HTML injection and XSS vulnerability in
lib-history.inc.php - bug #1386287 (Matteo)
- 2006-01-22: Fixed possible HTML injection and XSS vulnerability in the
login form (Matteo, thanks to V. Khera)
- 2006-01-23: Fixed problems in adview.php and lib-view-main.inc.php when
no user agent was supplied - bugs #1404174/#1406092 (Matteo)
- 2006-01-23: Fixed a bug in the SYSVSHM delivery cache module which
prevented it from correctly working - bug #1388635 (Matteo)
- 2006-03-13: MySQL 5 compatibility mode wasn't correctly activated during
install or upgrade (Matteo)
- 2006-03-22: Duplicating SQL stored banners wasn't duplicating the image -
bug #1450612 (Matteo, thanks to B. Franz)
- 2006-03-22: Last month/year selections didn't include the last day of the
period in the stats screens - bug #1441150 (Matteo)
- 2006-03-23: XML-RPC invocation didn't correctly work if the library was
included inside a function - bug #1456409 (Matteo)