YaWiki 0.21.1 Released

This is a security upgrade. You can download it from the usual location at http://yawiki.com/.

Arnaud Limbourg performed a full code audit for $_GET, $_POST, and $_SERVER usage. He discovered some instances of unescaped $_SERVER values in the controller scripts (not the templates). Escaping has been applied to those instances, even in some cases where it does not appear immediately necessary. The flaws have no reported exploit in the wild, but users are strongly encouraged to upgrade regardless.

Thanks, Arnaud. 🙂

One thought on “YaWiki 0.21.1 Released”

  1. I would not go as far as “full code audit” but I tried to fix what I found and I may have left some out 🙂

    BTW Paul, it would be nice if you could provide a unified patch to make it easier to upgrade an existing yawiki install.
