Tag Archives | 2.x series

ChiliProject 2.11.0 released: Security Update

ChiliProject 2.11.0 has just been released. This release is a security release to fix security issues in Rails (CVE-2013-1854 among other security advisories not relevant to ChiliProject). This release contains no other bug fixes or new features and is released for users who are unable to upgrade to ChiliProject 3.8.0. It is suitable for use on production websites running ChiliProject 2.x. While [...]

ChiliProject 2.10.0 released: Important Security Update!

ChiliProject 2.10.0 has just been released. This release is a security release to fix security issues in Rails (CVE-2013-0277), the JSON gem (CVE-2013-0333, CVE-2013-0269) and with MySQL’s handling of strings and numbers during value comparison. This release contains no other bug fixes or new features and is released for users who are unable to upgrade to ChiliProject 3.7.0. It is [...]

ChiliProject 2.9.0 released: Important Security Update!

ChiliProject 2.9.0 has just been released. This release is a security release to fix a severe security issue of Rails (CVE-2013-0333) which allows attackers to inject and execute arbitrary code on the server hosting ChiliProject. This bug was fixed in Rails 2.3.16, which is included in this release of ChiliProject. This release contains no other bug fixes or new features [...]

ChiliProject 2.8.1 released: Security Release

ChiliProject 2.8.1 has just been released. This release is a security release to fix a security issue of Rails (CVE-2013-0155) which allows attackers to issue unexpected database queries with IS NULL or empty where clauses. The vulnerability does not allow attackers to insert arbitrary values into an SQL query. Additional details are available in the updated advisory of [...]

ChiliProject 2.8.0 released: Important Security Update!

ChiliProject 2.8.0 has just been released. This release is a security release to fix a severe security issue of Rails (CVE-2013-0156) which allows attackers to inject and execute arbitrary code on the server hosting ChiliProject. This bug was fixed in Rails 2.3.15, which is included in this release of ChiliProject. This release contains no other bug fixes or new features [...]

ChiliProject 2.7.4 released

ChiliProject 2.7.4 has just been released. This release is a security release to fix two XSS vulnerabilities (CVE-2012-3464, CVE-2012-3465) and a SQL injection vulnerability (CVE-2012-5664) of Rails. All these bugs were fixed in Rails; we have included the fixes from Rails or backported them to the version of Rails ChiliProject uses right now. This release contains no [...]

ChiliProject 2.7.3 released

ChiliProject 2.7.3 has just been released. This release is a security release to fix two security issues of Rails (CVE-2012-2694 and CVE-2012-2695) which allow attackers to inject certain forms of SQL into the database queries generated by ChiliProject. The bugs were fixed in Rails 3.2.6. We have backported them to the version of Rails we [...]

ChiliProject 2.7.2 released

ChiliProject 2.7.2 has just been released. This release is a security release to fix a security issue of Rails (CVE-2012-2660). It addresses a bug in the parsing of requests by ActionPack. It was fixed in Rails 3.2.4 and was backported to the Rails version used by us. This release contains no other bug fixes or [...]

ChiliProject 2.7.1 released

ChiliProject 2.7.1 has just been released. This release is a security release to fix several mass-assignment vulnerabilities. It contains no other bug fixes or new features and is released for users who are unable to upgrade to ChiliProject 3.1.0. It is suitable for use on production websites running ChiliProject 2.x and we highly recommend that [...]

ChiliProject 2.7.0 released

ChiliProject 2.7.0 has just been released. It includes some new features and bugfixes for ChiliProject 2.6.0. It is suitable for use on production websites. This is the last regular release of the 2.x series of ChiliProject. With the final 3.0.0 release today, the 2.x branch enters maintenance mode. We will only provide security updates for [...]
