Typo 5.0.4 beta 2 is out, fixes a critical security vulnerability

Posted by Frédéric de Villamil Mon, 30 Jun 2008 21:44:00 GMT

Michael Morin has discovered a critical vulnerability in Typo prior to release 5.0.4.98.1 which may lead to arbitrary code execution and privilege escalation on Typo blogs. Even though 5.0.4b1 was released yesterday, this vulnerability is critical enough to make us release 5.0.4b2 today.

This release also fixes a bunch of bugs such as:

  • Missing dependencies in the installer.
  • articles.rss and articles.atom bad naming.
  • Bad unordered lists display on the new default theme.

You can download this new version on Rubyforge, or just install the gem.



Comments

  1. george 5 days later:

    Hi,

    I have updated to this version. Everything is working fine except for posting from Textmate. I was doing it with no problem and now I can’t. When I try to fetch a post it tells “no posts found”.

    Congrats for the good work

  2. Frédéric de Villamil 6 days later:

    I see, it’s a problem we’ve reported today at http://redmine.typosphere.org/issues/show/1238. We’re going to fix this for the final version, which may come by July the 21st due to some things I still need to add.

  3. Jaro 14 days later:

    I run my blog on typo 5.0.4 beta2 and http://my.domain/articles.atom says 500 Internal Server Error

    I use lighttpd; in the error log there is no info, in access.log:

    81.7.79.49 blogpl.toostis.com - [15/Jul/2008:16:12:01 +0300] “GET /articles.atom HTTP/1.1” 500 71 “http://blogpl.toostis.com/” “Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008071222 Firefox/3.0.1”
    81.7.79.49 blogpl.toostis.com - [15/Jul/2008:16:12:07 +0300] “GET /articles.atom HTTP/1.1” 500 71 “-” “Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008071222 Firefox/3.0.1”
