 |
|
You are here: Foswiki>Support Web>KnownIssuesOfFoswiki01x00 (10 Jan 2013, GeorgeClark)Edit Attach
Known Issues of Foswiki 1.0.X Production Releases
These are known issues of Foswiki-1.0.X. If you use the newer 1.1.X releases see KnownIssuesOfFoswiki01x01 The latest Foswiki release is available at DownloadSecurity Alerts
 Get Alerted: |
To get immediate alerts of high priority security issues, please join the low-volume foswiki-announce list - details at MailingLists |
|---|
Security alerts or advisories apply to Release01x00 releases: - CVE-2009-1434: Foswiki Page View Cross-Site Request Forgery (CSRF) Fixed in: 1.0.6 FoswikiRelease01x00x06
- CVE-2012-1004: Foswiki Script Insertion Vulnerability via unchecked user registration fields Fixed in: 1.1.5 FoswikiRelease01x01x05
- CVE-2012-6329: Code injection vulnerability in MAKETEXT macro Fixed in: 1.1.7 PatchItem12285Contrib
- CVE-2012-6330: Denial-of-Service vulnerability in MAKETEXT macro Fixed in: 1.1.7 PatchItem12285Contrib
- CVE-2013-1666: Code injection vulnerability in MAKETEXT macro Fixed in: 1.1.8 FoswikiRelease01x01x08
- CVE-2014-7237: Windows Apache server configured using
.htaccessfiles can be compromised. Fixed in: 2.0 - SlideShowPlugin prior to version 2.1.4 has a cross site scripting vulnerability. Fixed in: 1.1.4 FoswikiRelease01x01x04
- CVE-n/a: Multiple vulnerabilities addressed in Foswiki-2.1.3. Fixed in: 2.1.3 FoswikiRelease02x01x03
- CVE-n/a: Multiple vulnerabilities addressed in Foswiki-2.1.4. Fixed in: 2.1.4 FoswikiRelease02x01x04
Release Foswiki-1.0.10
Major issues
| Task Ref | Affects | Description | Fix |
|---|---|---|---|
| Item9699 | Configuration | The configuration file is appended with each save instead of being updated. Changes are still applied because Foswiki reads the last item for duplicated entries, but obsolete information is left in the file and the file will grow with each save. | Available for testing. Replace lib/Foswiki/Configure/FoswikiCfg.pm and backup lib/LocalSite.cfg before testing. Fix prevents further duplication and removes duplicated items from LocalSite.cfg. Issue is fixed in 1.1.0. |
Minor issues
| Task Ref | Affects | Description | Fix |
|---|---|---|---|
| none |
Release Foswiki-1.0.9
Major issues
| Task Ref | Affects | Description | Fix |
|---|---|---|---|
| None |
Minor issues
| Task Ref | Affects | Description | Fix |
|---|---|---|---|
| none |
Release Foswiki-1.0.8
Major issues
| Task Ref | Affects | Description | Fix |
|---|---|---|---|
Minor issues
| Task Ref | Affects | Description | Fix |
|---|---|---|---|
| Tasks.Item2434 | All | The browser window title shows a BASE in front of the web name | Replace the provided replacement templates/foswiki.tmpl or upgrade to 1.0.9 |
Release Foswiki-1.0.7
NoneRelease Foswiki-1.0.6
Major issues
| Task Ref | Affects | Description | Fix |
|---|---|---|---|
| Tasks.Item1780 | Windows Installations | Under native Windows using .htpassword type authentication the encoding used in SHA1. Unfortunately a small bug has sneaked into 1.0.6 so new users that register do not get a valid password stored in the .htpasswd file. |
See Tasks.Item1780 for a quick easy fix. This has been fixed in 1.0.7 |
Minor issues
| Task Ref | Affects | Description | Fix |
|---|---|---|---|
| Tasks.Item8178 Tasks.Item1783 | NatSkin, NatEditPlugin | NatSkin and associated plugins are not compatible with the new security features introduced with 1.0.6. This causes problems with editing. | Upgrade NatSkin and NatSkinPlugin version > 3.90 (2009-07-02), as well as NatEditPlugin > 4.00 (2009-07-02) |
| Tasks.Item1822 | %IF statement | IF broken for numerical comparisons against zero | This has been resolved in 1.0.7 |
Release Foswiki-1.0.5
Major issues
| Task Ref | Affects | Description | Fix |
|---|---|---|---|
| None |
Minor issues
| Task Ref | Affects | Description | Fix |
|---|---|---|---|
| None |
Release Foswiki-1.0.4
Major issues
| Task Ref | Affects | Description | Fix |
|---|---|---|---|
| Tasks.Item1358 | EditTablePlugin | If you have multiple tables in a topic combined with text below the table that contains a vertical bar, the EditTablePlugin goes into deep recursion. From the user this is seen as no reply from the server and other users may experience that the server slows down if several people try to view the affected topic. | Upgrade EditTablePlugin to version 4.21 (26 Mar 2009) from configure .. or better .. upgrade Foswiki to 1.0.5 |
Minor issues
| Task Ref | Affects | Description | Fix |
|---|---|---|---|
| None |
Release Foswiki-1.0.0
Major issues
| Task Ref | Affects | Description | Fix |
|---|---|---|---|
| Tasks.Item597 | Some extensions | Extensions with CPAN dependencies containing a number can't be installed from within configure. These extensions are: DirectedGraphPlugin, ExecuterContrib, HeadlinesPlugin, LatexModePlugin, LdapContrib, LdapNgPlugin and PublishPlugin. Installer will return an error. It is still possible to install these extensions manually. You can also apply the patch to fix the problem |
Upgrade to 1.0.4 |
| Tasks.Item815 | Foswiki on Windows using the Windows Installer | Strawberry Perl on windows has No data read error when installing Plugins from configure |
Upgrade to 1.0.4 |
| Tasks.Item873 | All installations | Expired session files in the working/tmp dir are not deleted. This will make Foswiki run slower and slower until the directory can no longer hold more files. You can download the patch provided or manually edit the one line that needs to be changed. |
Upgrade to 1.0.4 |
| Tasks.Item744 | Installations under HTTPS= | When using foswiki under =HTTPS protocol to edit a topic and preview it, all the changes are lost if the user hits the back button in the browser. The problem was a malformed header related to expiration time. | Upgrade to 1.0.4 |
Minor issues
| Task Ref | Affects | Description | Fix |
|---|---|---|---|
| Tasks.Item909 | All installations | VIEW_TEMPLATE overrides preview template, leaving out all topic actions. Foswiki applications that use a custom view template will not show the preview page correctly. | Upgrade to 1.0.4 |
Edit | Attach | Print version | History: r38 < r37 < r36 < r35 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r38 - 10 Jan 2013, GeorgeClark
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. 
Legal Imprint Privacy Policy
Legal Imprint Privacy Policy