Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
On Tue, 13 Apr 2004 21:53:20 +0100, Tony Hoyle <tmh at nodomain.org> wrote: >cvsnt 2.0.38. Stable release. > >Just a bugfix release from the last revision (2.0.37). > This also addresses the following (synchronised release with the cvshome.org server): SERVER SECURITY ISSUES * Piped checkouts of paths above $CVSROOT no longer work. Previously, clients could have requested the contents of RCS archive files anywhere on a CVS server. CLIENT SECURITY ISSUES * Clients now check paths from the server to verify that they are within one of the sandboxes the user requested be updated. Previously, a trojan server could have written or overwritten files anywhere the user had access, presenting a serious security risk. These fixes are also in 2.0.37. For obvious reasons, upgrading is recommended. Tony