comanage-dev - [comanage-dev] Security Patch for CakePHP
Subject: COmanage Developers List
- From: Benn Oshrin <>
- To: comanage-dev <>
- Subject: [comanage-dev] Security Patch for CakePHP
- Date: Sun, 15 Jul 2012 21:57:39 -0400
There's a bug in the XML utility that can allow a remote attacker to read arbitrary files over the REST API. See
http://groups.google.com/group/cake-php/t/9a79c8fc42a5ad7f
I suspect we're not particularly susceptible to this since (1) authn is required for the REST API and (2) there aren't really any live instances of the REST API, but if you're concerned you can manually apply the patch or update to r315.
Note that the patch was only released for 2.1.5 and 2.2.1 -- they are no longer maintaining the 2.0 branch. As such, I manually applied the patch to the source tree.
-Benn-