Page 1 of 1
CMSMS 1.2.3 Upgrade and TinyMCE
Posted: Fri Jan 04, 2008 12:17 am
by Nullig
I notice that the 1.2.2 to 1.2.3 diff doesn't include the full TinyMCE upgrade to 2.2.7.
Is it necessary to upgrade TinyMCE as well as CMSMS to avoid the exploit?
Nullig
Re: CMSMS 1.2.3 Upgrade and TinyMCE
Posted: Fri Jan 04, 2008 12:20 am
by calguy1000
The exploit was in TinyMCE afaik.
Re: CMSMS 1.2.3 Upgrade and TinyMCE
Posted: Fri Jan 04, 2008 12:34 am
by Nullig
The Blog announcement says that the 1.2.3 upgrade is to fix the sql injection problem, which I believed was in TinyMCE, but the 1.2.2-1.2.3 diff doesn't include the full TinyMCE update. Was it just missed in the diff file?
Nullig
Re: CMSMS 1.2.3 Upgrade and TinyMCE
Posted: Fri Jan 04, 2008 2:03 pm
by Ted
1.2.3 has whatever was in the TinyMCE trunk at the time, with the exploit fixed. I'm not sure of what upstream version was in there, only that the patch was put out as fast as possible.