[opencms-dev] OpenCms (7.5.0) - Vulnerability: Cross-Site Scripting, Phishing Through Frames, Application Error

[Alexander Kandzior]

Manfred,

> By the way, I haven't found an up-to-date
> roadmap on the website - are there any informations about upcoming
> releases available in public?

Unfortunately not. This is because often releases are depended on customer
feedback, and we never know if we get this feedback in time. 

> Some weeks ago (I think it was short after the release of 7.5) there
> were some discussions about security issues of the image-scaling
> functionality. Are they already fixed or will they be fixed together
> with the current issue?

I am not aware that these issues exist, so we have not taken action. "Some
discussions" I find too vague an issue description. If security issues
exist, it's best to post these to a security related forum like
www.securityfocus.com. What is posted there we take seriously.

> Would it be possible to post a message to this list as soon as these
> issues are fixed in the cvs so that "experienced" users could integrate
> it into their running systems without waiting for the release.

Certainly.

Kind Regards,
Alex.
 
-------------------
Alexander Kandzior
                                                              
Alkacon Software GmbH  - The OpenCms Experts                 
http://www.alkacon.com - http://www.opencms.org