Today we are releasing three new versions of Interchange:
- Interchange 5.7.2 is the latest development version representing 10 months of improvements and an impressive list of new features to improve developer efficiency and fix bugs.
- Interchange 5.6.2 is the latest stable version which includes the most important changes backported to provide the most stability possible for those upgrading from versions 5.6.0 or 5.6.1.
- Interchange 5.4.4 is an update of the previous stable series of releases provided only to fix a security problem.
All three releases provide a new security feature to close a serious security vulnerability which we will describe here:
A remotely exploitable security vulnerability has been discovered where any table configured within Interchange could be viewed remotely by an unauthenticated user, by using a specially crafted search request.
This vulnerability affects all previous versions of Interchange. Even without using the search structure provided in the default install, your catalog could still be vulnerable.
To protect against exploits, we strongly recommend all public Interchange sites upgrade and use the new configuration directive AllowRemoteSearch.
Posts
0 comments:
Post a Comment
Don't forget to leave your comment about this post.
It will help us to improve this blog.