Mailing List Archive

Release of DAViCal 1.1.9.1
Well, that was fast. In the versioning process, we lost an anti-XSS
function that was supposed to be in htdocs/always.php.

So now we have version 1.1.9.1 with that corrected.

tar file:
https://gitlab.com/davical-project/davical/-/archive/r1.1.9.1/davical-r1.1.9.1.tar.gz

The commit associated with this release is

https://gitlab.com/davical-project/davical/commit/a3acb770ac6bc807feb2015b4eb10ab641322d19

Apologies for the glitch.

-Jim
Re: Release of DAViCal 1.1.9.1 [ In reply to ]
Thanks for the new release!

May I humbly request that you put the DAViCal software version somewhere on
the top line of the server page?

-- Johan

On Tue, 3 Dec 2019 16:42:31 -0800, Jim Fenton <fenton@bluepopcorn.net>
wrote:

> Well, that was fast. In the versioning process, we lost an anti-XSS
> function that was supposed to be in htdocs/always.php.
>
> So now we have version 1.1.9.1 with that corrected.
>
> tar file:
> https://gitlab.com/davical-project/davical/-/archive/r1.1.9.1/davical-r1.1.9.1.tar.gz
>
> The commit associated with this release is
>
> https://gitlab.com/davical-project/davical/commit/a3acb770ac6bc807feb2015b4eb10ab641322d19
>
> Apologies for the glitch.
>
> -Jim
>
>



_______________________________________________
Davical-general mailing list
Davical-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/davical-general
Re: Release of DAViCal 1.1.9.1 [ In reply to ]
Hi Johan,

What do you mean by "the top line of the server page"? Do you mean on
the administration page for DAViCal?

It's not always a good idea to be too specific to random users what
version is running, because it's then too easy to know what published
vulnerabilities can be exploited.

-Jim

On 12/4/19 7:20 AM, Johan Vromans wrote:
> Thanks for the new release!
>
> May I humbly request that you put the DAViCal software version somewhere on
> the top line of the server page?
>
> -- Johan
>
> On Tue, 3 Dec 2019 16:42:31 -0800, Jim Fenton <fenton@bluepopcorn.net>
> wrote:
>
>> Well, that was fast. In the versioning process, we lost an anti-XSS
>> function that was supposed to be in htdocs/always.php.
>>
>> So now we have version 1.1.9.1 with that corrected.
>>
>> tar file:
>> https://gitlab.com/davical-project/davical/-/archive/r1.1.9.1/davical-r1.1.9.1.tar.gz
>>
>> The commit associated with this release is
>>
>> https://gitlab.com/davical-project/davical/commit/a3acb770ac6bc807feb2015b4eb10ab641322d19
>>
>> Apologies for the glitch.
>>
>> -Jim
>>
>>
>
>
> _______________________________________________
> Davical-general mailing list
> Davical-general@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/davical-general


_______________________________________________
Davical-general mailing list
Davical-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/davical-general
Re: Release of DAViCal 1.1.9.1 [ In reply to ]
Hi Jim,

On Wed, 4 Dec 2019 10:27:53 -0800, Jim Fenton wrote:

> It's not always a good idea to be too specific to random users what
> version is running, because it's then too easy to know what published
> vulnerabilities can be exploited.

While that is true, it is sometimes handy to know, as system manager, what
the davical server version is...

Anyway, no big deal.

-- Johan


_______________________________________________
Davical-general mailing list
Davical-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/davical-general
Re: Release of DAViCal 1.1.9.1 [ In reply to ]
On 12/4/19 1:33 PM, Johan Vromans wrote:
> Hi Jim,
>
> On Wed, 4 Dec 2019 10:27:53 -0800, Jim Fenton wrote:
>
>> It's not always a good idea to be too specific to random users what
>> version is running, because it's then too easy to know what published
>> vulnerabilities can be exploited.
> While that is true, it is sometimes handy to know, as system manager, what
> the davical server version is...


It is possible to see that through the setup.php script. We just don't
broadcast it on the top of the main page.

-Jim




_______________________________________________
Davical-general mailing list
Davical-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/davical-general
Re: Release of DAViCal 1.1.9.1 [ In reply to ]
El 4/12/19 a les 22:36, Jim Fenton ha escrit:
>
> On 12/4/19 1:33 PM, Johan Vromans wrote:
>> Hi Jim,
>>
>> On Wed, 4 Dec 2019 10:27:53 -0800, Jim Fenton wrote:
>>
>>> It's not always a good idea to be too specific to random users what
>>> version is running, because it's then too easy to know what published
>>> vulnerabilities can be exploited.
>> While that is true, it is sometimes handy to know, as system manager, what
>> the davical server version is...
>
>
> It is possible to see that through the setup.php script. We just don't
> broadcast it on the top of the main page.
>

What about showing version there, only when session is logged with admin
permissions?

Salutations.


_______________________________________________
Davical-general mailing list
Davical-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/davical-general
Re: Release of DAViCal 1.1.9.1 [ In reply to ]
On Wed, 4 Dec 2019 13:36:27 -0800, Jim Fenton <fenton@bluepopcorn.net>
wrote:

> It is possible to see that through the setup.php script. We just don't
> broadcast it on the top of the main page.

Good enough for me, thanks!


_______________________________________________
Davical-general mailing list
Davical-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/davical-general