Jun 23, 2006 - 11:39 PM :: Karen :: 28659 Reads ::
A new release of dotProject has been released today. Version 2.0.4 fixes a XSS (Cross Site Scripting) vulnerability in the handling of the login parameter, which may allow an attacker using a carefully constructed URL to gain information, such as cookie details, from a user's session.
This release also fixes a problem with upgrading from versions prior to 2.0.1. More information can be found in the ChangeLog on the dotProject download page.
All sites are urged to upgrade ASAP
For details on installing all versions of dotProject go to Installation Instructions
To download 2.0.4 go to Sourceforge - dotProject
For all support forums, faqs, documentation, bug listings etc. visit the main website at http://www.dotproject.net
IMPORTANT: Before upgrading please refer to Important 2.0.4 Announcement