LogAnalyzer 3.4.3 (v3-stable)

Download file name: LogAnalyzer 3.4.3 (v3-stable)

Version 3.4.3 (stable), 2012-05-23

  • Fixed several security vulnerabilities discovered by Filippo Cavallarin.
    This contains the following fixes:
    • Fixed SQL Injection vulnerability in admin/view.php
    • Fixed Cross Site scripting issue filter parameter on index.php
    • Fixed Cross site scripting issue of id parameter on admin/reports.php
    • Fixed Cross site scripting issue of id parameter on admin/searches.php
  • Fixed arbitrary file read issue in Disk LogStream class. The config.php file does now contain an array "DiskAllowed" which contains allowed directories. Only files located within these allowed directories can be accessed in LogAnalyzer. By default, only /var/log is allowed.

File size: 1003528 Bytes

Tags: , , , ,

3 Responses to “LogAnalyzer 3.4.3 (v3-stable)”

  1. Hi, the variable DiskAllowed is not recursive so if you have a directory per hosts conatining the logs you have to enable every directory.
    In my case I’ve like 50 directory to insert and i need to modify the configuration manually every time that I add a server.
    Isn’t possible to add a recursive option like /path/to/logs/%ALLFOLDERS%/ ?

  2. alorbach says:

    There was a bug in the DiskAllowed feature. It has been fixed in 3.6.0

  3. Rich says:

    Ok.. Nice that it was fixed, but what does it look like? What is the formatted array string look like to add additional directories to the array?? I tried several times to add multiple directory strings and they all failed.. And there just does not seem to be any documentation anyplace show how to do this..


Leave a Reply