Critical security issues found in the templateeditor plugin
22. Feb. 2007Following a security audit after the recent security issues found the core Lifetype code, the development team found several critical security issues in the templateeditor plugin.
These issues are considered critical and they could allow an attacker to reveal the content of sensitive files. This security issue affects all versions of Lifetype with the 'templateeditor' plugin installed, up to Lifetype 1.1.6 and Lifetype 1.2-beta2.
A mandatory update for this plugin is available for Lifetype 1.1.x here:
http://downloads.sourceforge.net/lifetype/1.1_templateeditor.zip
If you are already running Lifetype 1.2-beta2, the fixes have already been merged and are available as part of the nightly plugins snapshot from our Subversion repository:
http://www.lifetype.net/snapshots/lifetype-plugins-latest.zip
Despite these latest security issues, security is a top priority for the development team and the internal security audit will continue.
Is there a way to check which files have been changed? I don't see anything in the readme!
We don't provide incremental update packages for plugins, you will have to download the full package and compare.
How exactly does one get a user name and password? I keep getting re-directed telling me to use the below form to sign up...but there is no form below to sign up.
I'm trying to be able to download a template but can't without having a username/password.
You don't need a username or a password to download templates. The wiki page listing the template only contains an screenshot of all templates available, and not the templates themselves.
You can find all the templates in our sourceforge.net pages:
http://sourceforge.net/project/showfiles.php?group_id=83964&package_id=100435&release_id=445151
The readme.txt reads , that the version
"Release Date: 2005/11/27
Version: 1.3"
Is the link correct, or the file faulty?