Page 1 of 1

Security of Webinator V6.01

Posted: Tue Nov 14, 2017 8:20 pm
by rjshelq
I am currently running Free Webinator Version 6.01.1325780201 20120105 (x86_64-unknown-linux2.6.9-64-64) which does everything that I need. So I don't need to upgrade to the current version to get any new features, but I'm wondering: should I upgrade due to any known security issues?

Are there any known security issues with Free Webinator Version 6.01.1325780201 20120105 (x86_64-unknown-linux2.6.9-64-64) which would make upgrading to the current version advantageous?

Security of Webinator V6.01

Posted: Thu Nov 16, 2017 10:47 am
by Kai
There have been a number of enhancements and fixes in Webinator since that release of 6.01. Some of the security-related ones are:

* XSS (cross-site-scripting) vulnerability fixed in search's RSS URL, and admin interface
* SSLv3 deprecated
* Added CSRF (cross-site-request forgery) protection to all forms
* Fixed unverified access to walk errors