Re: ElkArte 1.1.1 - Release announcement
Reply #3 –
Can someone explain why I cannot find a theme that will work with 1.1.1 without error?
Re: ElkArte 1.1.1 - Release announcement
Reply #4 –
Because the available themes are compatible with 1.0 version. Please be patient, they will be modified to work with 1.1 version. The team focused on releasing the 1.1.1 version and correcting bugs and security holes, most of Spud's add-ons were also upgraded to 1.1 version, and I think the next step could be upgrading the themes for 1.1 version.
Re: ElkArte 1.1.1 - Release announcement
Reply #5 –
Yesterday I was a bit in a hurry and I couldn't manage to write it in the release announcement, though the security hole was related to the fact that the ILA code I wrote to inject the image directly into the post, was exposing the temporary name of the uploaded file to the client. This, in particular conditions of not very well configured server (i.e. attachments directory accessible from the web and executable set to any newly uploaded file), could have given an attacker the possibility to execute arbitrary code on the server.
The code is now changed so that a different hash, completely unrelated to the temporary name of the file, is sent to the client (the "shape" of the hash sent is still the same in order to reduce the impact of the patch), making it impossible again to identify the newly uploaded file.
Re: ElkArte 1.1.1 - Release announcement
Reply #11 –
As 1.1.1 is described as security fix and critical update will there be an update from 1.0.10 to 1.0.11 too?
Re: ElkArte 1.1.1 - Release announcement
Reply #14 –
Great effort... Truly appreciated and love your work. You did awesome job. Love more then smf.