Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

Important go-dev Security Patch releases.

Danny Yoo dyoo at acoma.Stanford.EDU
Thu Jun 10 16:59:32 PDT 2004


On Wed, 9 Jun 2004, Bradley Marshall wrote:

>
> Thanks to a random internet hacker we have become aware of a major AmiGO
> security hole that was used to hose our server.
>
> If you have a local AmiGO installation, run, don't walk, to
> http://sourceforge.net/project/showfiles.php?group_id=36855&package_id=33201
> to grab one of the new software releases.
>
> AmiGO 1.x users should grab the go-dev-20040609-amigo1.5 release.  AmiGO 2.0
> users can either grab the go-dev-20040609-amigo2.0 release or just do a cvs
> update.
>
> For AmiGO 1.x users who want to touch their installation as little as
> possible, the files of interest are
>
> go-dev/perl-api/GO/CGI/Session.pm
> go-dev/perl-api/GO/CGI/Analysis.pm
> go-dev/perl-api/GO/CGI/HTML.pm
> go-dev/perl-api/GO/IO/HTML.pm


Hi Bradley,

What changes were made to clean up the parameter passing?

Explanation: we have a local copy of AmiGO 1 that's customized for our
site (bunch of Javascript stuff to better integrate with our publication
database), and it'll be a bit of work for us to take what's in CVS.  It
might be easier for us to backport the parameter-passing security fixes.

Thanks!


--
This message is from the GOFriends moderated mailing list.  A list of public
announcements and discussion of the Gene Ontology (GO) project.
Problems with the list?           E-mail: owner-gofriends at geneontology.org
Subscribing   send   "subscribe"   to   gofriends-request at geneontology.org
Unsubscribing send   "unsubscribe"  to  gofriends-request at geneontology.org
Web:          http://www.geneontology.org/



More information about the go-friends mailing list