* Re-created the missing 5.0.1 entries.

commit 4f77b39ec62240b5518e0fc8745aba77e479e0be 1 parent 284c022
Kevin Walsh authored
Showing with 69 additions and 0 deletions.
  1. +69 −0 WHATSNEW-4.9
69 WHATSNEW-4.9
@@ -6,6 +6,75 @@
------------------------------------------------------------------------------
+Interchange 5.0.1 released 2004-03-29.
+
+Security
+--------
+
+* Plug a security hole which allows an attacker to expose arbitrary variable
+ contents by using an URL like
+ http://shop.example.com/cgi-bin/store/__SQLUSER__.
+
+ All Interchange applications using the standard "missing" special page
+ from the demo catalog or a similar one are vulnerable to this attack.
+ The attacker may learn the SQL access information for your Interchange
+ application and use this information to read and manipulate sensitive
+ data.
+
+* Disallow [ and < in page names when setting MV_PAGE and MV_PREV_PAGE
+ variables.
+
+* Prevent login information from getting re-saved on a session cancel.
+
+* Define a set of CGI keys that we don't want to save to disk, as
+ @Global::HideCGI.
+
+* Don't show sensitive (i.e. @Global::HideCGI) CGI variables in a dump.
+ This allows saving a session to disk for diagnositic purposes in case
+ of order failure.
+
+Core
+----
+
+* Allow [dump no-cgi=1 no-session=1 no-env=1] to finetune dump.
+
+* Tolerate leading whitespace in query in Vend::Form.
+
+Admin
+-----
+
+* Fix bug where affiliate reports don't filter based on that.
+
+* Make reports with no specified end_date work.
+
+* Fix missing relocation variables in Vend::Table::Editor found by Paul
+ Vinciguerra.
+
+Usertags
+--------
+
+* history-scan: Make pageonly=1 option work correctly when there's no
+ History saved in the user's session.
+
+Foundation
+----------
+
+* Remove unmatched </FORM> from cart_display component.
+
+Debian
+------
+
+* Add libhtml-parser-perl to Build-Depends to keep HTML::Entities
+ module out of the package (Closes: #224435, thanks to Henrik Holmboe
+ <elements@hack.se> for the bug report)
+
+* Switch to gettext-based debconf templates (Closes: #235494, thanks to
+ Martin Quinson <Martin.Quinson@tuxfamily.org> for the patch)
+
+
+------------------------------------------------------------------------------
+
+
Interchange 5.0.0 released 2003-12-15.
Core
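
Review bot: The first Security entry (the `__SQLUSER__` URL item) names the affected catalogs but does not say where the fix lives or what an administrator has to do. It is unclear whether upgrading to 5.0.1 is enough or whether a catalog's own "missing" special page also has to be changed. Suggest adding a sentence that states this. Since the entry itself says the SQL access information may have been learned, it should also recommend changing those credentials after upgrading. Minor: "diagnositic" in the HideCGI dump entry should be "diagnostic", and "don't filter based on that" in the Admin section has no antecedent for "that".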