Known Issues of TWiki Production Release 01-Feb-2003
These are known issues of the TWikiRelease01Feb2003. This is a production ready release suitable for all TWiki servers. It had a code name of BeijingRelease.Security Alerts
-
Security Audit: Crypt token based fix for cross-site request forgery vulnerability - Details in SecurityAuditTokenBasedCsrfFix, fixed in TWiki 4.3.2
- Security Alert: Cross-site request forgery vulnerability with image tag
- Fix available in SecurityAlert-CVE-2009-1339, fixed in TWiki 4.3.1
- Security Alert: Secure webserver to prevent script execution of uploaded files (CVE-2006-3336)
- Fix available in SecurityAlertSecureFileUploads, fixed in TWikiRelease04x00x04
- Security Alert: TWiki INCLUDE function allows DoS attack on itself
- Fix available in SecurityAdvisoryDosAttackWithInclude and in TWikiRelease04x00x02
- Security Alert: TWiki INCLUDE function allows arbitrary shell command execution
- Fix available in SecurityAlertExecuteCommandsWithInclude
- Security Alert: TWiki history function allows arbitrary shell command execution
- Fix available in SecurityAlertExecuteCommandsWithRev
- Security Alert: TWiki search function allows arbitrary shell command execution
- Fix available in SecurityAlertExecuteCommandsWithSearch
- Security alert: A registered TWiki user may gain admin rights by manipulating the TWikiUsers topic.
- Fix available in SecurityAlertGainAdminRightWithTWikiUsersMapping
- Security alert: Meta characters can be passed through to the shell when attaching files, potentially allowing the execution of arbitrary shell commands
- Fix available in NoShellCharacterEscapingInFileAttachComment
- Security alert: User could gain view access rights of another user
- Fix available in InsecureViewWithFailedAuthentication
- Security audit: TWiki Preferences need to be secured properly
- Instructions available in SecureTWikiPreferences
- Note: See other TWikiSecurityAlerts
Major Issues
- Apache 2.0 fixes needed
- Please report your experiences to IssuesWithApache2dot0
- Perl 5.8 updates needed
- Please report your experiences to IssuesWithPerl5dot8
- MonthOutOfRangeWithRcsLite
- Fix available - note that RcsLite (all-Perl RCS implementation) is not recommended for production use yet
- Please log any RcsLite bugs to BugReports as normal
- ExtraneousLineInHttpHeader
- Fix available - without this, pages can get truncated by a couple of characters, causing authentication and other problems with IE5 and IE6
Minor Issues
- ScriptToCreateNewWebWithAttachments - feature postponed
- Right now the attachments will have to be checked and moved manually.
- Uppercase header HTML tags are not excluded from the
%TOC%variable as it was the case with the previous TWiki release.- Fix available, UppercaseHeaderTagsRenderedInTOC
- Revised logo not included yet
- See HighResolutionLogos and the follow-on topics: LogoCopyright, InternationalImpactOfCollaboration, TWikiTagline
- BuiltinWebPluralisationWithI18N - topics in built-in webs do not have proper pluralisation when using InternationalisationEnhancements
- Fix available
- SiteMapIsSlow - accessing WebHome takes about twice as long as other topics, due to SiteMap
- Workaround available
- BugWebHomeNotCalledHomePageInDocs
- Workaround available - if you rename WebHome to something else (such as HomePage), the documentation no longer matches your install, because the documentation/default install contains lots of links to
WebHome rather than %HOMETOPIC%. This can be easily fixed after install (see bug page for details).
- Workaround available - if you rename WebHome to something else (such as HomePage), the documentation no longer matches your install, because the documentation/default install contains lots of links to
- MinorBugs
- Fix available for poor formatting by OperaBrowser of WebChanges and other inline searches, and problem using Change Properties from Safari browser
Minor Annoyances
Major Browser Issues
- None at present
Minor Browser Issues
- Support.BrowserIssues: Known browser issues with work arounds
- Support.BrowserFormattingIssues: Known browser formatting issues
Bug reports
It's also worth checking BugReports, which lets you track open, assigned and resolved bugs. Many bugs are quite rare, and of course there may already be a fix.Feedback
FeedbackOnKnownIssuesOfTWiki01Feb2003 -- PeterThoeny - 12 Jan 2003 I've fixed the 'pay attention to permissions' line in the TWikiUpgradeGuide for $TWIKIROOT/lib, as per ChristianFroehler's comment on FeedbackOnKnownIssuesOfTWiki01Feb2003 - the previous command actually broke TWiki installations by setting the wronglib directory permissions. If you are using this upgrade guide and are about to do a chmod command, be sure to use the online version at TWiki.org to pick up this change.
-- RichardDonkin - 02 May 2003
Just out of curiosity, how will people requesting source for TWikiRelease01Feb2003 be made aware of the security issue?
-- SamHasler - 21 Oct 2003
The KnownIssuesOfTWiki01Feb2003 link was communicated by e-mail when the download form was active, now it is listed in the page where the TWiki package can be downloaded.
-- PeterThoeny - 26 Oct 2003 
Topic revision: r39 - 2009-09-03 - PeterThoeny
Site map
Blog web
Create New Topic
Index
Search
Advanced search
My topics of interest
Changes
Major changes only
All tags
Notifications
RSS Feed
Statistics
Preferences
Community 
Readme first
Developers News
How you can help
Community roles
#twiki IRC
Lima Release
Feature Proposals
Bugs Changes
Categories 
Account 
Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.Copyright © 1999-2026 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.