[owncloud-devel] Fwd: SabreDAV 1.7.11 and 1.8.9 released, fixing two critical issues
thomas.mueller at tmit.eu
Fri Feb 28 16:58:57 MET 2014
Pull requests are open:
On Friday, 28.02.2014 at 16:38, Thomas Müller wrote:
> Thanks for the notification!
> The XXE issue is already patched in our codebase which will be released with 6.0.2 and 5.0.15.
> The fpassthru issue is only relevant for osx on server side - right?
> Take care,
> On Friday, 28.02.2014 at 16:15, Thomas Tanghus wrote:
> > ---------- Forwarded Message ----------
> > Subject: SabreDAV 1.7.11 and 1.8.9 released, fixing two critical issues
> > Date: Wednesday 26 February 2014, 14:37
> > From: Evert Pot <evertpot at gmail.com>
> > To: sabredav-discuss at googlegroups.com
> > Hi everyone,
> > We just released SabreDAV 1.7.11 and 1.8.9. Both of these releases fix two
> > critical issues.
> > Upgrade by running:
> > composer upgrade sabre/dav
> > or grab the zips from:
> > https://github.com/fruux/sabre-dav/releases
> > This release fixes a security issue and an issue related to large files in
> > SabreDAV.
> > *XXE issue*
> > Previous SabreDAV versions had a security issue, if running on the
> > following PHP versions
> > * PHP 5.3, older than 5.3.23
> > * PHP 5.4, older than 5.4.13
> > * PHP 5.5 is not affected by this.
> > You are strongly recommended to upgrade, as the security issue could expose
> > local files or easily trigger a DOS attack.
> > More information here:
> > <http://websec.io/2012/08/27/Preventing-XEE-in-PHP.html>
> > *Large file support*
> > It was also discovered that SabreDAV can often not serve files larger than
> > 2GB, due to a bug in PHP's fpassthru method.
> > If you ran into this issue, update sabredav. We are now no longer using
> > fpassthru.
> > More information here: http://evertpot.com/fpassthru-broken/
> > --
> > Med venlig hilsen / Best Regards
> > Thomas Tanghus