[ic] 4.8 update
peter at pajamian.dhs.org
Thu Jan 1 02:31:38 EST 2004
> Hello all!
> I saw a message come through here mentioning an upgrade to the
> 4.8 series to fix a security issue (I think) with mv_nextpage. Is there
> a mention somewhere of what the security issue is? I looked on the
> icdevgroup.org site but didn't see anything. I am running a hacked
> 4.8.6, I need to diff it against the stock 4.8.6 so I can reapply the
> patches to later pre-5 releases, but until then I will need to
> hand-patch the security fix into my installation. First I wanted to
> determine my exposure to the issue.
You could just use the workaround mentioned in Mike's email on the subject:
> To work around the problem without updating, make sure you remove all
> references to @@MV_PREV_PAGE@@ in all pages -- in the standard
> foundation this is found in special_pages/missing.html and
> special_pages/violation.html. It can be replaced with [subject]
> if you have Interchange 4.8.3 or higher or any Interchage 4.9.
That's what I did since I have a 4.9.9 catalog that was upgraded from 4.8.
More information about the interchange-users