Need to audit all chameleon code for security.
Should be done for RC1.
initial thoughts:

* anything that allows a user to upload to the server:
  - UploadContext
  - UploadSLD
* anything that allows a user to download from the server:
  - all Download widgets, Extract widgets, PrintManager
* cwc2
* any attributes that can refer to remote files
* any code that calls exec, passthru, system etc
* any reference to a local or remote file
* review/google for known php vulnerabilities
* session code including session fixation
Please no more details about security issues in this bugzilla or public mailing lists.
This is being tracked internally now.