I want to know more about security vulnerability patches for Plogger Version Beta 3.0. I read through the bug reporting section http://codex.plogger.org/Reporting_Bugs#Patching_Bugs. I understand the Plogger Subversion (SVN) Repository where the latest code is kept, but that's the entire source. For example it says "For those running SVN, the changes were committed in r569". By saying "running SVN" do they mean latest source? If I look at Changeset 569 then I see that it's basically a set of bug fixes and old code is compared to new code side by side etc. So my questions are:
1) With security in mind, should I update my code with the latest changeset as it's released, that seems crazy?
2) Does the latest changeset contain all other fixes before, it does not seem so? So without going to every changeset since installing a specific version of Beta 3 (by the way how do you know what version of Beta 3.0 you have) how do you update your current Plogger that's live? I understand that all the latest bugfixes are included in the latest Beta 3.0 download, so maybe starting with latest version of Plogger and then keeping up to date by applying latest changesets as they are released? Is that actually necessary 'cause surely not all bugs are security issues. Will all security issues be announced in the Announcements section in the Forum? Security Update for 1.0b3 users > That's version 1.0 beta 3, not 3.0 beta right? If that's the case, who would still be running that?
I basically want to know, where to go and what to update (which files to update) pertaining to Security in Plogger Beta 3.0. I understand that if there is a specific bug that I come across that I really need fixed or that annoys me, if I had installed Plogger a few months ago, that most likely that bug has been fixed and I can go check out the changesets and find just that fix etc.
Maybe there could be a section called Security in the Forum, with a subsection for patches + instruction to apply them and a subsection for security discussions?
Sorry for any confusion that was caused. We were trying to stick with 1.0 beta3 as the naming convention, but Mike released 3.0 a while back (which was never versioned by the way so I'm not exactly sure what changeset it is). What is currently being downloaded now is 1.0beta3 and not 3.0 as stated in the admin section. Since that release, there has been only 1 security issue (See Announcements: [Sticky] Important-- Security Update for 1.0b3 users)
Any further security issues that are patched will be announced there if an associated version bump is not created. In this case, it's only 2 files that need to be swapped out.