[ic] 4.8 update

Peter peter at pajamian.dhs.org
Thu Jan 1 02:31:38 EST 2004


Jeff wrote:
> Hello all!
> 
> 	I saw a message come through here mentioning an upgrade to the 
> 4.8 series to fix a security issue (I think) with mv_nextpage.  Is there 
> a mention somewhere of what the security issue is?  I looked on the 
> icdevgroup.org site but didn't see anything.  I am running a hacked 
> 4.8.6, I need to diff it against the stock 4.8.6 so I can reapply the 
> patches to later pre-5 releases, but until then I will need to 
> hand-patch the security fix into my installation.  First I wanted to 
> determine my exposure to the issue.

You could just use the workaround mentioned in Mike's email on the subject:

> To work around the problem without updating, make sure you remove all
> references to @@MV_PREV_PAGE@@ in all pages -- in the standard
> foundation this is found in special_pages/missing.html and
> special_pages/violation.html. It can be replaced with [subject]
> if you have Interchange 4.8.3 or higher or any Interchage 4.9.

That's what I did since I have a 4.9.9 catalog that was upgraded from 4.8.

Regards, Peter


More information about the interchange-users mailing list