Serious security issue in Zoph

23 Sep 2009 by jeroen

During development of Zoph 0.8.1, I found a privilege escalation issue that affects all versions of Zoph; this means that a user that is logged in in Zoph can perform actions that this user is not allowed to do. This includes a user that is logged in through the default user feature. You should upgrade your Zoph installation as soon as possible, if you cannot upgrade right away, you should at least disable the default user feature until you have upgraded.

I have published 2 new versions of Zoph to the sourceforge site: Zoph 0.8.0.1, for users of Zoph 0.8. If you are using one of the feature-releases (0.7.x), you should also upgrade to this version. For users who are using 0.7 or 0.7.0.x and do not want to upgrade to 0.8 yet, you can upgrade to Zoph 0.7.0.8.

If you want to be automatically notified of new versions, you can subscribe to Zoph on the Freshmeat site, you will then receive an e-mail whenever a Zoph version is released. (Free registration on Freshmeat required).