This will probably become v2.1.2, so prepare the code for the release.

author Axel Beckert <xtaran@users.sourceforge.net>

Thu, 2 Oct 2008 01:09:41 +0000 (01:09 +0000)

committer Axel Beckert <xtaran@users.sourceforge.net>

Thu, 2 Oct 2008 01:09:41 +0000 (01:09 +0000)
author Axel Beckert <xtaran@users.sourceforge.net>
Thu, 2 Oct 2008 01:09:41 +0000 (01:09 +0000)
committer Axel Beckert <xtaran@users.sourceforge.net>
Thu, 2 Oct 2008 01:09:41 +0000 (01:09 +0000)
diff --git a/ChangeLog b/ChangeLog

index 70ce5f4126cfadb6a287a70a8373b3b12899f76e..f2650e46b71b46b947952e5d4bb1da7877eb9ed8 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+v2.1.2
+    * Fix XSS in $flavour (CVE-2008-2236). Thanks to Yoshinori Ohta of
+      Business Architects Inc. for making us aware of this issue.
+
  v2.1.1
      * The "never trust a dot zero release" bugfix release for 2.1.0.
      * Added CVS Id keyword to file header.
diff --git a/blosxom.cgi b/blosxom.cgi

index 44edf47264a4f5e195eb910a2c0a8a7745b397a4..712b8e2bd4795984e9cb90d8af85a6c1530478d2 100755 (executable)
--- a/blosxom.cgi
+++ b/blosxom.cgi
@@ -2,7 +2,7 @@
  
  # Blosxom
  # Author: Rael Dornfest (2002-2003), The Blosxom Development Team (2005-2008)
-# Version: 2.1.1 ($Id: blosxom.cgi,v 1.84 2008/10/02 01:05:34 xtaran Exp $)
+# Version: 2.1.2 ($Id: blosxom.cgi,v 1.85 2008/10/02 01:09:41 xtaran Exp $)
  # Home/Docs/Licensing: http://blosxom.sourceforge.net/
  # Development/Downloads: http://sourceforge.net/projects/blosxom
  
@@ -91,7 +91,7 @@ use File::stat;
  use Time::Local;
  use CGI qw/:standard :netscape/;
  
-$version = "2.1.1";
+$version = "2.1.2";
  
  # Load configuration from $ENV{BLOSXOM_CONFIG_DIR}/blosxom.conf, if it exists
  my $blosxom_config;
author	Axel Beckert <xtaran@users.sourceforge.net>
	Thu, 2 Oct 2008 01:09:41 +0000 (01:09 +0000)
committer	Axel Beckert <xtaran@users.sourceforge.net>
	Thu, 2 Oct 2008 01:09:41 +0000 (01:09 +0000)
ChangeLog		patch \| blob \| history
blosxom.cgi		patch \| blob \| history