CMS Made Simple Forums

Content management as it is meant to be
https://forum.cmsmadesimple.org/

Filemanager postlet still considered risky?

https://forum.cmsmadesimple.org/viewtopic.php?t=24559

Page 1 of 1

Filemanager postlet still considered risky?

Posted: Sat Aug 09, 2008 10:34 am
by faglork
Hi,

around 1.2.5, the upload postlet was AFAIR considered a security risk and we were advised to delete the whole folder.

In 1.4 the folder is still in the default installation.

Did I miss anything? Is the postlet now considered  secure?

If not, why does CMSMS still ship with it?

Cheers,
Alex

Re: Filemanager postlet still considered risky?

Posted: Sat Aug 09, 2008 12:52 pm
by blast2007
faglork wrote: Did I miss anything? Is the postlet now considered  secure?

If not, why does CMSMS still ship with it?

Cheers,
Alex
Postlet is still shipped but it is empty (dummy files). This is due to upgrade: empty postlet files overwrite old "risky" versions.

Regards
blast

Re: Filemanager postlet still considered risky?

Posted: Sat Aug 09, 2008 5:23 pm
by faglork
Thanks for clarification!

It would be nice if a corresponding note were included in the release notes.

Cheers,
Alex
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited