We have just released LogAnalyzer 3.4.3. This stable release has the following changes:
- Fixed several security vulnerabilities discovered by Filippo Cavallarin.
This contains the following fixes:
- Fixed SQL Injection vulnerability in admin/view.php
- Fixed Cross Site scripting issue filter parameter on index.php
- Fixed Cross site scripting issue of id parameter on admin/reports.php
- Fixed Cross site scripting issue of id parameter on admin/searches.php
- Fixed arbitrary file read issue in Disk LogStream class. The config.php file does now contain an array "DiskAllowed" which contains allowed directories. Only files located within these allowed directories can be accessed in LogAnalyzer. By default, only /var/log is allowed.
As always, feedback is appreciated.