[Moin-user] Moin Security Issues

Thomas Waldmann tw-public at gmx.de
Mon Feb 1 03:54:18 EST 2010


Moin,

in case you're wondering, I recently got some very useful feedback from
a Japanese guy currently doing MoinMoin security research - he has found 3
critical issues so far.

If you are interested in moin security, please read (and subscribe to):

http://moinmo.in/SecurityFixes

One of the issues he found was fixed in the 1.9.1 release (only affects 1.9
installations), we are currently working on the more recent 2 issues
(which affect all moin versions >=1.5).

Likely this will lead to new 1.9 and 1.8 releases, please install them
as soon as they are available. We also will patch 1.7 (for some popular
Linux distributions still having moin 1.7 packages), but considering the
easy upgrade from 1.7 to 1.8, there won't be a new 1.7 release.

Please note that details about what the issues exactly are and how they
could be exploited are intentionally not given NOW, to give developers,
package maintainers and site administrators time to fix stuff.

Please use the time. If you are running something that's not up-to-date,
upgrade to latest 1.8.x or 1.9.x NOW and follow the SecurityFixes page.

1.8.x is still maintained for people who don't want to deal with WSGI
stuff right now. If that's not an issue for you, please upgrade to
latest 1.9.x.

Cheers,

Thomas





