Author Archive | Holger Just

ChiliProject 3.7.0 has just been released. This release is a security release to fix security issues in Rails (CVE-2013-0277), the JSON gem (CVE-2013-0333, CVE-2013-0269) and with MySQL’s handling of strings and numbers during value comparison. This release contains no new features and 1 other bug fix for last tag in the Liquid template language. It is suitable for use [...]

ChiliProject 2.10.0 has just been released. This release is a security release to fix security issues in Rails (CVE-2013-0277), the JSON gem (CVE-2013-0333, CVE-2013-0269) and with MySQL’s handling of strings and numbers during value comparison. This release contains no other bug fixes or new features and is released for users who are unable to upgrade to ChiliProject 3.7.0. It is [...]

ChiliProject 3.5.1 has just been released. This release is a security release to fix a security issue of Rails (CVE-2013-0155) which allows attackers to issue unexpected database queries with IS NULL or empty where clauses. The vulnerability does not allow attackers to insert arbitrary values into an SQL query. Additional details are available in the updated advisory of [...]

ChiliProject 2.8.1 has just been released. This release is a security release to fix a security issue of Rails (CVE-2013-0155) which allows attackers to issue unexpected database queries with IS NULL or empty where clauses. The vulnerability does not allow attackers to insert arbitrary values into an SQL query. Additional details are available in the updated advisory of [...]

ChiliProject 3.5.0 has just been released. This release is a security release to fix a severe security issue of Rails (CVE-2013-0156) which allows attackers to inject and execute arbitrary code on the server hosting ChiliProject. This bug was fixed in Rails 2.3.15, which is included in this release of ChiliProject. This release contains no other bug fixes or [...]

ChiliProject 3.2.2 has just been released. This release is a security release to fix two security issues of Rails (CVE-2012-2694 and CVE-2012-2695) which allowe attackers to inject certain forms of SQL into the database queries generated by ChiliProject. The bugs were fixed in Rails 3.2.6. We have backported them to the version of Rails we [...]

ChiliProject 3.2.0 has just been released. It includes some new features and bugfixes for ChiliProject 3.1.0 as well as a security fix of Rails which was backported to our version. It is suitable for use on production websites and we recommend that all users download the release as soon as possible. Users of the old [...]

ChiliProject 2.7.2 has just been released. This release is a security release to fix a security issue of Rails (CVE-2012-2660). It addresses a bug in the parsing of requests by ActionPack. It was fixed in Rails 3.2.4 and was backported to the Rails version used by us. This release contains no other bug fixes or [...]

ChiliProject 2.7.1 has just been released. This release is a security release to fix several mass-assignment vulnerabilities. It contains no other bug fixes or new features and is released for users who are unable to upgrade to ChiliProject 3.1.0. It is suitable for use on production websites running ChiliProject 2.x and we highly recommend that [...]