[AWFFULL] Announcing AWFFull v3.7.4

Steve McInerney steve at stedee.id.au
Mon May 7 22:19:18 EST 2007


http://www.stedee.id.au/files/awffull-3.7.4.tar.gz

Bad News with this release. As seen earlier with Héctor's email re 
Search Strings, there is a nasty Security/exploitable bug in previous 
versions of AWFFull.
The problem appears to only manifest itself if you use the All Search 
Terms report: "AllSearchStr yes" in your config.
Basically, '<' characters are not being stripped. Fault is my own and is 
courtesy via the move to using PCRE's.


Nothing like shifting vast quantities of dirt and rubbish to free the 
mind for thinking on weird problems. 3 cubic metres if anyone cares. And 
still have more to go... :-)


The other fixes are:
* Add Andreas' German Translation updates which I managed to miss 
several months ago.
Naughty Steve. For future reference to all and sundry - if I do appear 
to have missed a fix or problem - email me with an impolite Nag. I won't 
mind. :-)

* Also from Andreas is a fix to sample.conf for MSIE 7 detection in the 
Agents list.

* Last, to satisfy a very odd bug that Aleks was getting with Fonts 
under Debian stable, the ability to ./configure override the fonts to 
use. Seemed to make more sense to set this at compile time, vs config 
file. Open to discussion on this one.


In other news, 3.8.1 is finally approaching completion. I'm actually 
using it at work with no noticed problems. Mainly getting the docco 
finalised. Still. :-)


Cheers!

- Steve


More information about the AWFFull mailing list