Filemanager postlet still considered risky?

Help with getting the CMS CORE package up and running. This does not include 3rd party modules, PHP scripts, anything downloaded via module manager or from any external source.
Locked
faglork

Filemanager postlet still considered risky?

Post by faglork »

Hi,

around 1.2.5, the upload postlet was AFAIR considered a security risk and we were advised to delete the whole folder.

In 1.4 the folder is still in the default installation.

Did I miss anything? Is the postlet now considered  secure?

If not, why does CMSMS still ship with it?

Cheers,
Alex
Top
User avatar
blast2007
Power Poster
Power Poster
Posts: 508
Joined: Wed Aug 01, 2007 5:36 pm

Re: Filemanager postlet still considered risky?

Post by blast2007 »

faglork wrote: Did I miss anything? Is the postlet now considered  secure?

If not, why does CMSMS still ship with it?

Cheers,
Alex
Postlet is still shipped but it is empty (dummy files). This is due to upgrade: empty postlet files overwrite old "risky" versions.

Regards
blast
Top
faglork

Re: Filemanager postlet still considered risky?

Post by faglork »

Thanks for clarification!

It would be nice if a corresponding note were included in the release notes.

Cheers,
Alex
Top
Locked

Return to “[locked] Installation, Setup and Upgrade”