After what has become quite a long wait, there is a new version of the weblog software Textpattern. Version 4.0.5 is a security release, as it closes an XSS vulnerability in the comment preview. All users are therefore advised to install the new version.
Since the authentication cookie is restricted to the admin-directory and not accessible from the front-end, in most cases this means “only” the info from the comment-data-cookie might be leaked. Users that run Textpattern together with other software or third party plugins that set cookies might be at risk of having other data leaked, when a user can be tricked into following certain links.
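The cookie scoping described in the note above, as an added example that is not part of the original post or of Textpattern's code: it applies the RFC 6265 path-match rule to a constructed cookie jar to show which cookies a script running on a front-end page can read. The cookie names, the `/textpattern/` admin path and the page paths are assumptions chosen for illustration.

```javascript
// Constructed cookie jar for one site. Names and paths are illustrative
// assumptions, not values taken from Textpattern.
const jar = [
  { name: "auth_session", path: "/textpattern/", httpOnly: false },
  { name: "comment_name", path: "/", httpOnly: false },
  { name: "comment_email", path: "/", httpOnly: false },
  { name: "plugin_token", path: "/", httpOnly: false }, // set by other software
];

// RFC 6265 section 5.1.4: does a cookie with cookiePath apply to requestPath?
function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix only counts when it ends on a path segment boundary.
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Names of the cookies that document.cookie exposes to a script on pagePath.
function scriptVisible(cookies, pagePath) {
  return cookies
    .filter((c) => !c.httpOnly && pathMatch(pagePath, c.path))
    .map((c) => c.name);
}

// Hardened variant: mark every cookie HttpOnly so no script can read it.
function withHttpOnly(cookies) {
  return cookies.map((c) => ({ ...c, httpOnly: true }));
}

// Front-end page (where the comment preview lives): the admin-scoped cookie
// is not exposed, the comment-data and plugin cookies are.
console.log(scriptVisible(jar, "/article/42/comment-preview"));
// Admin page: every non-HttpOnly cookie is exposed.
console.log(scriptVisible(jar, "/textpattern/index.php"));
// With HttpOnly set, nothing is exposed to scripts on either page.
console.log(scriptVisible(withHttpOnly(jar), "/article/42/comment-preview"));
```

RFC 6265 itself states that the Path attribute cannot be relied upon for security; HttpOnly is the attribute that keeps a cookie out of `document.cookie`.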
Compared with the previous version, numerous changes and improvements have gone into the new release:
- Fixed security issue on public-side (XSS) (thanks zarathu)
- Fixed path disclosure issue (thanks zarathu)
- Search for posted and last modified dates in article list
- New tag: <txp:hide /> as a container for comments and other internal content
- Changed tags: <txp:comments />, <txp:category_list />, <txp:section_list /> and <txp:image_index /> support ‘sort’ attribute
- Distribute jQuery 1.1.2 as a default JavaScript library
- Keep image properties on replacement
- Add ‘delete thumbnail’ function
- Support back end branding: customizable logo and color bar
- Table sort indicators
- Textile improvements
- Fix non-utf8 mails (iso 8859-1)
- better wrapping in admin-interface to prevent horizontal scrollbar
- Add comment status to comment notification mails
- Fix “infinite” pagination in rare edge cases
- Work around apache bug for file-downloads (in connection with mod_deflate)
- Fix error messages on wrong logins for older mysql versions
- Fix comment spam blacklist false positives
- Fix file_download-tag from showing the same url for different downloads
- Fix disappearing comment preferences in certain circumstances
- Fix “active class” in section_list, category_list
- Better cooperation with some proxies (and other HTTP/1.0 clients)
- Smarter comment submit button emphasises preview step
- Optionally hide spam comments in back end list
- Truncate longish article category titles in the write screen
- Handle thumbnailing of larger images
- Better MoveableType import
- Fix some more IIS issues
- New callback event: ‘textpattern_end’
- New callback event: ‘ping’
- New tag: <txp:article_url_title />
- Changed tag: <txp:permlink /> loses default title attribute
- Changed tag: <txp:file_download_link /> returns filename as an additional URL part
- Many, many minor improvements, see svn-logs
Download the current version from the version archive.