Question

Today I received an email notifying me that several security issues exist in 01-Sep-2004. It mentions that a 02-Sep-2004 version is available. Do I need to do this?

Environment

-- DaveHecker - 28 Nov 2004

Answer

We have one serious vulnerability in the 01-Sep-2004 release. This has been fixed in the 02-Sep-2004 release. You do not need to upgrade from the 01-Sep-2004 version, simply apply the patch you got in the e-mail. See also SecurityAlertExecuteCommandsWithSearch

-- PeterThoeny - 28 Nov 2004

Alternatively, download the 02-Sep-2004 release and copy only twiki/lib/TWiki/Search.pm over to your 01-Sep-2004 installation.

-- PeterThoeny - 28 Nov 2004

Thanks for this response. At the end of the email, the patch was provided - I think this was intended to provide the changed-lines for the respective pages. Am I understanding this? Is there any documentation about 'how to apply the provided patch' ? thanks again!

-- DaveHecker - 28 Nov 2004

To patch your software, download GNU Patch (linked from PatchGuidelines) - then cd to the directory containing Search.pm and then run patch -i patchfile.txt (where you saved the patch as patchfile.txt). Learning to use patch is useful, but if you're not sure about this it may be easier to do what Peter suggested in his second posting.

-- RichardDonkin - 28 Nov 2004

Or you could apply the patch manually since it is very small. In your Search.pm replace the - minus lines with the + plus lines, removing the leading plus.

-- PeterThoeny - 29 Nov 2004