NewsFeaturesDownloadsDevelopmentSupportAbout Us

Critical security issues found in the templateeditor plugin

Following a security audit after the recent security issues found the core Lifetype code, the development team found several critical security issues in the templateeditor plugin.

< !-- ADS -->

These issues are considered critical and they could allow an attacker to reveal the content of sensitive files. This security issue affects all versions of Lifetype with the 'templateeditor' plugin installed, up to Lifetype 1.1.6 and Lifetype 1.2-beta2.

A mandatory update for this plugin is available for Lifetype 1.1.x here:

http://downloads.sourceforge.net/lifetype/1.1_templateeditor.zip 

If you are already running Lifetype 1.2-beta2, the fixes have already been merged and are available as part of the nightly plugins snapshot from our Subversion repository:

http://www.lifetype.net/snapshots/lifetype-plugins-latest.zip

Despite these latest security issues, security is a top priority for the development team and the internal security audit will continue. 

  1. Comment Files?

    Is there a way to check which files have been changed? I don't see anything in the readme!

    Posted by jochen 23 Feb 2007, 02:04
  2. Comment Re: Files

    We don't provide incremental update packages for plugins, you will have to download the full package and compare.

    Posted by oscar 23 Feb 2007, 03:52
  3. Comment Templates?

    How exactly does one get a user name and password? I keep getting re-directed telling me to use the below form to sign up...but there is no form below to sign up.

    I'm trying to be able to download a template but can't without having a username/password.

    Posted by Lisa Renee 12 Mar 2007, 16:49
  4. Comment Re: Templates

    You don't need a username or a password to download templates. The wiki page listing the template only contains an screenshot of all templates available, and not the templates themselves.

    You can find all the templates in our sourceforge.net pages:

    http://sourceforge.net/project/showfiles.php?group_id=83964&package_id=100435&release_id=445151

    Posted by oscar 12 Mar 2007, 18:21
  5. Comment Is it already updated?

    The readme.txt reads , that the version
    "Release Date: 2005/11/27
    Version: 1.3"

    Is the link correct, or the file faulty?

    Posted by tobi 14 Mar 2007, 16:23