Threat-wise it's insignificant. There are no plans to backport it at present. Best to plan an upgrade to benefit from all the other important security benefits in 1.3.9 though.
Search:
Type: Posts; User: DrByte
Search: Search took 0.07 seconds.
-
14 Jun 2010, 06:05 PM
Thread: [Done v1.3.9e] format string attack.
by DrByte- Replies
- 7
- Views
- 3,024
Re: format string attack.
-
14 Jun 2010, 05:10 PM
Thread: [Done v1.3.9e] format string attack.
by DrByte- Replies
- 7
- Views
- 3,024
Re: format string attack.
At its basic level, v1.3.9 already protects against that problem, since it automatically re-sets the cookie value once it discovers the invalid value.
It can be reported as a false-positive...
Results 1 to 2 of 2
