For more information... RTFM!
NAVIGATION
ACCOUNT LOGIN

You are not logged in

Powered by Interchange version 5.7.0

Interchange security announcement

Security news
Kevin Walsh - 06 February 2008 - 10:07 PM (EST) Security news

A security bug in the Standard and Foundation ecommerce demos, supplied with current and previous Interchange releases, was recently discovered and corrected by Kevin Walsh.  All Interchange administrators will need to check, and possibly correct, the "missing.html" file in all of the Interchange-driven websites under their control.

If your "special_pages/missing.html" file contains a line that looks like this:

[if type=explicit compare="q{[subject]} =~ m{^admin/}"]

then you will need to replace that line with the following:

[tmpn missing_subject][subject][/tmpn]
[if scratch missing_subject =~ /^admin/]

If you find that you are unable to check for the problem, or uncomfortable about making the required change yourself, then feel free to contact us.  In exchange for a small donation to this RTFM website's housekeeping fund, we will arrange for a qualified Interchange consultant to make this change on your behalf.

This is a major security bug, with massive implications, so don't delay - check and patch all of your Interchange-driven websites today.


This article has one comment

William O. Yates - 28 March 2008 8:16 PM (EDT)
thank you kevin...!

Only logged-in users may post comments

Please log in if you would like to post a comment.
Home  |  Legal nonsense  |  Privacy policy  |  Donations  |  Contact us