LogAnalyzer vulnerabilities

Wednesday, May 23rd, 2012

Several vulnerabilities were discovered and brought to our attention by Filippo Cavallarin. We thank him for giving us the chance to fix these issues before releasing information to the public. More details about the vulnerabilities can be found in this security advisory.


LogAnalyzer v3.4.3 (v3-stable) released

Wednesday, May 23rd, 2012

We have just released LogAnalyzer 3.4.3. This stable release has the following changes:

  • Fixed several security vulnerabilities discovered by Filippo Cavallarin.
    This contains the following fixes: (more…)

LogAnalyzer 3.4.3 (v3-stable)

Wednesday, May 23rd, 2012

Download file name: LogAnalyzer 3.4.3 (v3-stable)

Version 3.4.3 (stable), 2012-05-23

  • Fixed several security vulnerabilities discovered by Filippo Cavallarin.
    This contains the following fixes:
    • Fixed SQL injection vulnerability in admin/view.php
    • Fixed cross-site scripting issue in the filter parameter on index.php
    • Fixed cross-site scripting issue in the id parameter on admin/reports.php
    • Fixed cross-site scripting issue in the id parameter on admin/searches.php
  • Fixed arbitrary file read issue in the Disk LogStream class. The config.php file now contains an array "DiskAllowed" that lists the allowed directories. Only files located within these allowed directories can be accessed in LogAnalyzer. By default, only /var/log is allowed.

File size: 1003528 Bytes


LogAnalyzer v3.5.4 (v3-beta) released

Wednesday, May 23rd, 2012

We have just released LogAnalyzer 3.5.4, the new release of the beta branch. It has the following changes:

  • Merged security fixes into beta branch:
  • Fixed several security vulnerabilities discovered by Filippo Cavallarin. (more…)

LogAnalyzer v3.5.4 (v3-beta)

Wednesday, May 23rd, 2012

Download file name: LogAnalyzer v3.5.4 (beta)

Changes in Version 3.5.4 (beta), 2012-05-23

  • Merged security fixes into beta branch
  • Fixed several security vulnerabilities discovered by Filippo Cavallarin.
    This contains the following fixes:
    • Fixed SQL injection vulnerability in admin/view.php
    • Fixed cross-site scripting issue in the filter parameter on index.php
    • Fixed cross-site scripting issue in the id parameter on admin/reports.php
    • Fixed cross-site scripting issue in the id parameter on admin/searches.php
  • Fixed arbitrary file read issue in the Disk LogStream class. The config.php file now contains an array "DiskAllowed" that lists the allowed directories. Only files located within these allowed directories can be accessed in LogAnalyzer. By default, only /var/log is allowed.

Version: 3.5.4
File size: 1041518 bytes


LogAnalyzer v3.5.3 (v3-beta) released

Wednesday, May 9th, 2012

We have just released LogAnalyzer 3.5.3, the new release of the beta branch. It has the following changes:

  • Fixed some issues in the new MongoDB Logstream Class. To name a few, added resultlimits to speed up performance. Changed and (more…)

LogAnalyzer v3.5.3 (v3-beta)

Wednesday, May 9th, 2012

Download file name: LogAnalyzer v3.5.3 (beta)

Changes:

  • Fixed some issues in the new MongoDB Logstream Class. To name a few, added resultlimits to speed up performance. Changed and fixed some issues when grouping data for consolidation. Added support for creating indexes on fields. This should also speed up report generation.
  • Added support to filter by date string, for example: timereported:=2012-01-01
    A new Datetype has been added to support filtering by date.
  • Updated jpgraph code to the latest version, which is 3.0.7

Version: 3.5.3
File size: 1040396 bytes


LogAnalyzer v3.4.2 (v3-stable) released

Monday, May 7th, 2012

We have just released LogAnalyzer 3.4.2. This stable release has the following changes and fixes:

  • Fixed bugid #303: the VerifyChecksumTrigger function in the logstreamdb class did not generate a lowercase triggername. (more…)

LogAnalyzer 3.4.2 (v3-stable)

Monday, May 7th, 2012

Download file name: LogAnalyzer 3.4.2 (v3-stable)

Version 3.4.2 (stable), 2012-05-07

  • Fixed bugid #303: the VerifyChecksumTrigger function in the logstreamdb class did not generate a lowercase triggername.
  • Fixed typo in lang files
  • Changed processid field type to string in logstreamclass. Filtering for non-numeric processids is now possible.
  • Added support to filter by day (Date field), for example: timereported:=2012-01-01

File size: 1002.472 KB