directories of the compiler/linker when using cwrappers. Command line
flags will often put them before the corresponding flags for
PREFIX/include and PREFIX/lib, so the version from outside .buildlink
would be prefered. The other way around is much less likely to be a
problem and normally the expected case. Bump required cwrappers version
for the necessary exact-match feature.
1.1.0
-----
Mostly bug fix release. Highlights:
* Inline model editing on the list page
* FileAdmin refactoring and fixes
* FileUploadField and ImageUploadField will work with Required() validator
* Bug fixes
For full changes, please refer http://www.piwigo.org/releases/2.7.4 and
related pages.
This release contains these security fixes.
* SQL injection CVE-2015-1517 reported by Schleier, Sven (KPMG Management
Consulting Singapore)
* SQL injection and XSS failures reported and corrected by Steffen Rösemann
Changes before 6.5.19, please refer: http://support.sugarcrm.com/02_Documentation/01_Sugar_Editions/05_Sugar_Community_Edition/
Fixed Issues
Sugar 6.5.20 is a security update released to address certain security
vulnerabilities identified during our routine QA checks.
We strongly recommend that you install this update at the earliest
opportunity. While we have not experienced any reported incidents relating to
these vulnerabilities to date, failure to install this update could leave you
exposed to the following types of malicious third party attacks:
Unauthenticated users may retrieve contents from system-generated files.
These vulnerabilities as well as an additional issue have been addressed in
release 6.5.20 which is available for download from the Download Manager.
Administrators are strongly encouraged to upgrade their Sugar instances
running 6.5.x or earlier to 6.5.20 to prevent potential exploitation of these
weaknesses.
