Comprehensive Security Review on Lifetype 1.2.x

Post by reto on Mon Jun 09, 2008 4:11 pm

Dear Lifetype Users

We are in the process of doing a comprehensive review and rework of our input validation framework for the upcoming 1.2.9 release. We advise you to not update directly from the 1.2 branch in our SVN repository as we may leave it in an unstable state for a couple of days. Please wait until we release 1.2.9 before you update again from the 1.2 branch.

If you don't know about Subversion (SVN) and usually upgrade your installation from released packages, you don't have to worry. We will announce the next release as usual.

Thank you for your understanding and have fun,
reto
reto
Lifetype Expert
 
Posts: 395
Joined: Sat Apr 17, 2004 12:34 pm

Re: Comprehensive Security Review on Lifetype 1.2.x

Post by jondaley on Sun Jun 22, 2008 6:58 pm

Mark and I have checked in a ton of code, and I think we are getting close to the release, just a couple more things to discuss about whether we will fix them now, and how to fix them, etc. There might be a couple more bugs caused by recent code, but it'd be great for some people to be checking them out. You can either use subversion to get up-to-date, or you can download the nightly builds.

Nightly builds are here:
http://lifetype.net/snapshots/

Subversion instructions are here:
http://lifetype.net/page/development
jondaley
Lifetype Expert
 
Posts: 6154
Joined: Thu May 20, 2004 6:19 pm
Location: Pittsburgh, PA, USA
LifeType Version: 1.2.11 devel branch

Re: Comprehensive Security Review on Lifetype 1.2.x

Post by koji on Thu Oct 09, 2008 7:01 am

Hi friends...

So, it's sure to download the latest subversion release to upgrade from an older version (1.2.6) or it's this security review still in course?
Does it exist some approximate date to publish 1.2.9 release?

Thanks!
koji
 
Posts: 130
Joined: Wed Jul 06, 2005 10:20 am
Location: Tarragona - Catalonia

Re: Comprehensive Security Review on Lifetype 1.2.x

Post by jondaley on Thu Oct 09, 2008 4:05 pm

I am not quite sure what you are saying. A number of people have upgraded to 1.2.9 successfully, so I am more confident that it is the right thing to do, even though I haven't had time to finish my tests.

There is not a date yet - I haven't looked at the todo list for 1.2.9 in a while, but I suspect once I can find 8 or 10 hours, I would be able to finish it up.
jondaley
Lifetype Expert
 
Posts: 6154
Joined: Thu May 20, 2004 6:19 pm
Location: Pittsburgh, PA, USA
LifeType Version: 1.2.11 devel branch

Re: Comprehensive Security Review on Lifetype 1.2.x

Post by koji on Fri Oct 10, 2008 2:12 am

Oops, my English is getting worse day by day ... :cry:

On the home page for lifetype this message is still present:

"We are in the process of doing a comprehensive review and rework of our input validation framework for the upcoming 1.2.9 release. We advise you to not update directly from the 1.2 branch in our SVN repository as we may leave it in an unstable state for a couple of days"

So, I was wondering if now it's safe to update from SVN, but reading your message I think the answer is "Of course" ...

Thanks
koji
 
Posts: 130
Joined: Wed Jul 06, 2005 10:20 am
Location: Tarragona - Catalonia

Re: Comprehensive Security Review on Lifetype 1.2.x

Post by jondaley on Sat Oct 11, 2008 8:57 am

Correct. The "few days" have passed. And also, see my comment on that post - the only thing I am concerned about is the summary registration, and since no one has complained, I expect that is fine as well.
jondaley
Lifetype Expert
 
Posts: 6154
Joined: Thu May 20, 2004 6:19 pm
Location: Pittsburgh, PA, USA
LifeType Version: 1.2.11 devel branch

Re: Comprehensive Security Review on Lifetype 1.2.x

Post by kevinf on Sun Jan 25, 2009 7:23 pm

Today I tried upgrading to the 1.2 branch of the SVN and got many charset problems. I filed a bug in the bugtracker.
http://www.politicien.fr <- running lifetype 1.2.10!
kevinf
 
Posts: 24
Joined: Tue May 22, 2007 3:33 am
LifeType Version: 1.2.10

Re: Comprehensive Security Review on Lifetype 1.2.x

Post by jondaley on Sun Feb 22, 2009 6:59 pm

I think we are getting pretty close to a release. All that is left on my list is to take another look at the time-offset bug, which has been around for forever, and it turns out there was only a partial fix a while ago, and it doesn't fix it for everyone.

But, if everyone is happy with it, I will release it in a couple days I think - just need an hour or two to look at that time-offset bug, and either fix it, or leave it the way it is for now.
jondaley
Lifetype Expert
 
Posts: 6154
Joined: Thu May 20, 2004 6:19 pm
Location: Pittsburgh, PA, USA
LifeType Version: 1.2.11 devel branch

Re: Comprehensive Security Review on Lifetype 1.2.x

Post by jondaley on Wed Sep 09, 2009 9:59 pm

So, "pretty close" turned out to be fairly true in the sense of the number of work-hours that were left, but way off in terms of when the actual release would happen. I'm happy to announce that after a super long delay, 1.2.9 has now been officially released, and we'll try not to have such long release cycles ever again.

Hopefully, this will be the last release in the 1.2.x series (no more features will be added) and so work on the 2.0 version can begin again (it was actually started years ago), and there are some cool things in the making.

You can see where the 2.0 release is headed here: http://bugs.lifetype.net/roadmap_page.php though we'll need to go through that list and see if anything will be removed from it.
jondaley
Lifetype Expert
 
Posts: 6154
Joined: Thu May 20, 2004 6:19 pm
Location: Pittsburgh, PA, USA
LifeType Version: 1.2.11 devel branch

Re: Comprehensive Security Review on Lifetype 1.2.x

Post by kevinf on Wed Oct 14, 2009 1:21 am

Oh wow!!
Congratulations jondaley!! It's very good news! :D
http://www.politicien.fr <- running lifetype 1.2.10!
kevinf
 
Posts: 24
Joined: Tue May 22, 2007 3:33 am
LifeType Version: 1.2.10

