RE: Updating the XML-RPC library - Joao Prado Maia - com.mysql.lists.eventum-devel

3 messages in com.mysql.lists.eventum-develRE: Updating the XML-RPC library

From	Sent On	Attachments
Fredrik Persson	22 Aug 2005 23:53
Joao Prado Maia	23 Aug 2005 07:34
Joao Prado Maia	23 Aug 2005 07:34

Subject:	RE: Updating the XML-RPC library
From:	Joao Prado Maia (jp...@mysql.com)
Date:	08/23/2005 07:34:14 AM
List:	com.mysql.lists.eventum-devel

Fredrik,

Because of the announced vulnerability with the bundled XML-RPC library prior to Eventum 1.6.1, I am concerned to remedy this. We are running Eventum 1.5.4 and the diff list between the two versions are quite big so it would have been great if it's possible to replace the XML-RPC library to prevent the vulnerability issue.

Is this possible?

Sure, just download the new XML-RPC release and replace the existing classes for the new ones.

The bundled version that we ship on 1.6.1 uses the Curl extension to handle SSL installations, but the stock version should work as well.

--Joao