issue
Security Issue in many mail systems
Wed, 07/06/2011 - 13:04 — Alexis WilkeIt always amazes me when one finds a security issue that looks like something that should never have happened in the first place.
This one was found earlier this year by Wietse Venema who first discovered the issue in Postfix.
He fixed the Postfix server quickly, however, he went further. He actually tested many other servers sending commands that bypass that very security measure and to his surprised he found out that Postfix wasn't the only system affected by the problem.
For those interested, all the details of the problem can be found on the Postfix website as CVE-2011-411.
A
Ping this!Simplemenu Upgrade Path
Version 7.x
Version 7.x-1.x-dev is a starting point... It is not complete, although it shows you a functional Management menu as a dropdown. More to come as time allows... See issue [#791664] for more info.
Version 6.x
Version 6.x-1.13 fixes the vertical menu problem which had to do with CSS caching getting lost.
Version 6.x-1.10 to 6.x-1.12 fixes the non-called theme() function versus the other sub-modules that have callbacks through the theme() calls. However, we really need to have callbacks instead. Added horizontal and vertical themes. Attempts to fix to the vertical menu problem
Upgrade to PHP 5.3.3 or older because of security issue
Thu, 06/09/2011 - 17:26 — Alexis WilkeIf you are responsible for a Debian or Ubuntu server and run PHP on it, make sure to run the following command to fix several security issues found in PHP:
sudo apt-get install php5-suhosin
This will make the necessary and your PHP version (security wise) will look like you have PHP 5.3.3.
What I found quite annoying in regard to this issue is the fact that it was very difficult to find a mention of this upgrade. All I could find in large number were people saying that you'd have to get an upgrade using the source code of PHP. Somehow, I did not feel like upgrading PHP from source!
MobileKey addition to ThemeKey
The main idea of MobileKey is to give you the capability to switch your website theme to a mobile specific theme when the user access your site from one's mobile phone. A mobile theme will make it easier to access your website on a mobile device.
For go to the ThemeKey settings page:
Administer » Site configuration » ThemeKey
The MobileKey adds one selection to the list of attributes to match. The new selection is called:
mobile:device
This works everywhere on your website (it is a global option, not specific to any kind of pages.) The system checks different parameters to
Drupal Aggregator
The default Aggregator Drupal module does not work very well. There are several problems with the Drupal Core module, one of which we have not fixed in our version (i.e. the flatness of the item table.)
There is a list of the known issues and our comments and whether we fixed the problem:
| Problem | Solution in m2osw's version of Aggregator |
|---|---|
| Missing XML marker | The <?xml ... ?> marker is missing from some RSS feeds, add it as required |
| Spurious ... |
How to bypass Drupal strong security?
Thu, 02/17/2011 - 17:45 — Alexis WilkeInterestingly enough, today I received a Security Advisory from Drupal saying that users received an email from a hacker asking them to install a Trojan module on their Drupal system.
I find it quite interesting since, if Drupal wasn't secure, the hackers would not have to ask you to make it unsecure, would they?
However, this shows how many CMS systems introduce a security issue problem to your web server installation since it is required to let your web server execute any one PHP file...
All the files installed on your web server and that are directly accessible from the outside (i.e. ...
"Ruthing" of your Avatar
Wed, 08/04/2010 - 16:37 — Doug BarbieriHi all,
With the release of Linden Lab's Viewer 2, an issue has cropped up for users of SLiteChat. Presently, SLiteChat does not attempt to rez your avatar in-world. With pre-2.0 viewers, this was never an issue (the AV just appears as a ghosty-blob). However, Viewer 2.0 handles in-world rendering a little differently than pre-viewer 2 and other viewers like Snowglobe and Emerald. This results in a fully dressed AV that has the default "Ruth" body (i.e. if you have a male avatar, it will appear as female, hovering in the air, to users of Viewer 2 who try to look at you).
Simplemenu Inactive Parents
Description
A simple menu is composed of parent menus and children menus. A child has no drop-down menu and a parent does.
By default all the menu items are active, meaning that they all are links one can click on to reach the corresponding destination.
This simplemenu extension allows for turning the link off by replacing the anchor reference in a named anchor. The HTML tag being the same, the simplemenu looks the same, but the item cannot be clicked.
At this time, there is no option to make some of the parent items clickable and others not.
Setup
There is no settings for this module.
jsMath Security Issue
Security Issue
A security issue was found in all versions of jsMath before 2.x-dev for Drupal 6.x of Jul 29, 2010.
You may still securely use older versions of jsMath on private websites and websites were you are the only user (as in, the only one who can log in.)
The Drupal Security Advisory issue is here: http://drupal.org/node/854402
jsMath Installation
Requirements
In order to use the jsMath for displaying mathematics with TeX Drupal 6.x module you need:
- The actual jsmath Drupal module
- The jsMath library
-
February 2011
-
February 2011
-
August 2010
