Release Name: Chameleon 0.6.1.1 (Beta)

Notes:
Version 0.6.1.1 is a bugfix release. This small release fixes only one bug, but
a severe one. In Chameleon 0.5.5, 0.6.0 and 0.6.1, it was possible for a
malicious user to obtain data from the database by loading a specially crafted
URL. On some databases, particularly Microsoft SQL Server, a user might even be
able to edit and delete data. Therefore, it is recommended to upgrade as soon
as possible.

To upgrade, simply copy the new files over the old ones. Only the file
app/controllers/blog_controller.rb changed, so replacing that one is enough.


Changes:
* Fix bug #154876.