Perlfect Solutions
 

[Perlfect-search] Perlfect Search 3.10 released

Daniel Naber daniel.naber@t-online.de
Wed, 8 Nov 2000 19:51:58 +0100
Today a new version of Perlfect Search, 3.10, has been released. This 
release contains a security fix to protect against so called cross site 
scripting attacks.

To learn more about cross site scripting:
http://www.cert.org/advisories/CA-2000-02.html

It's important to understand that this is both a client and server issue, 
but that is was never possible to attack your server because of this bug.

As usual, the new version is available from
http://perlfect.com/freescripts/search/

IMPORTANT: The first release of 3.10 had an incomplete fix, just as the 
patch that was posted to this list. If you already downloaded 3.10 or only 
applied the patch, please download it again. The correct version uses the 
cleanup() call twice in search.pl.

Thanks to Thomas Springer <tspringer@idgcom.de> who (also) noted this bug 
and notified us.

Regards
 Daniel Naber

-- 
Daniel Naber, Paul-Gerhardt-Str. 2, 33332 G�tersloh