Added changelog entry for 3.4.3

2025-09-26 11:19:26 +02:00 · 2012-05-22 15:58:11 +02:00 · 2012-05-22 15:58:11 +02:00 · 4c5e5b7bf5
commit 4c5e5b7bf5
parent 185998a219
1 changed files with 13 additions and 0 deletions
--- a/13
+++ b/13
@ -1,4 +1,17 @@
 ---------------------------------------------------------------------------
+Version 3.4.3 (stable), 2012-05-22
+- Fixed several security vulnerabilities discovered by Filippo Cavallarin. 
+  This contains the following fixes: 
+  - Fixed SQL Injection vulnerability in admin/view.php
+  - Fixed Cross Site scripting issue filter parameter on index.php
+  - Fixed Cross site scripting issue of id parameter on admin/reports.php 
+  - Fixed Cross site scripting issue of id parameter on admin/searches.php
+- Fixed arbitrary file read issue in Disk LogStream class.
+  The config.php file does now contain an array "DiskAllowed" which 
+  contains allowed directories. Only files located within these allowed 
+  directories can be accessed in LogAnalyzer. By default, 
+  only /var/log is allowed.
+---------------------------------------------------------------------------
 Version 3.4.2 (stable), 2012-05-07
 - Fixed a #bugid 303, VerifyChecksumTrigger function in logstreamdb 
  class did not generate a lowercase triggername.