We have just released LogAnalyzer 3.5.4, the new release of the beta branch. It has the following changes:
Download file name: LogAnalyzer v3.5.4 (beta)
Changes in Version 3.5.4 (beta), 2012-05-23
- Merged security fixes into beta branch
- Fixed several security vulnerabilities discovered by Filippo Cavallarin.
This contains the following fixes:
- Fixed SQL Injection vulnerability in admin/view.php
- Fixed cross-site scripting issue in the filter parameter on index.php
- Fixed cross-site scripting issue in the id parameter on admin/reports.php
- Fixed cross-site scripting issue in the id parameter on admin/searches.php
- Fixed arbitrary file read issue in the Disk LogStream class. The config.php file now contains an array “DiskAllowed” which lists the allowed directories. Only files located within these allowed directories can be accessed in LogAnalyzer. By default, only /var/log is allowed.
File size: 1041518 bytes
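
The "DiskAllowed" restriction described in the arbitrary file read fix is a directory allow-list. The following is an added example of such a check, not LogAnalyzer's own code: `is_path_allowed()` is a hypothetical helper, and the demo tree under the system temp directory is constructed for illustration.

```php
<?php
// Added illustration, not LogAnalyzer source. "DiskAllowed" is the array name
// from the changelog; is_path_allowed() is a hypothetical helper.
function is_path_allowed($requested, array $allowedDirs)
{
    // realpath() resolves "..", "." and symlinks. It returns false when the
    // path does not exist, which is treated as a denial.
    $real = realpath($requested);
    if ($real === false || !is_file($real)) {
        return false;
    }
    foreach ($allowedDirs as $dir) {
        $base = realpath($dir);
        if ($base === false) {
            continue; // allowed directory is missing on this host
        }
        // Compare against the directory plus a trailing separator so that
        // "/var/log" does not also match a sibling like "/var/log-archive".
        $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        if (strncmp($real, $prefix, strlen($prefix)) === 0) {
            return true;
        }
    }
    return false;
}

// Constructed demo tree; on a real install the list would hold /var/log.
$root = sys_get_temp_dir() . '/diskallowed_demo_' . getmypid();
@mkdir("$root/log", 0700, true);
@mkdir("$root/log-archive", 0700, true);
file_put_contents("$root/log/syslog", "sample\n");
file_put_contents("$root/log-archive/old", "sample\n");
file_put_contents("$root/secret.conf", "sample\n");

$DiskAllowed = array("$root/log");
$cases = array(
    "$root/log/syslog",         // inside the allowed directory
    "$root/log/../secret.conf", // resolves to a file outside it
    "$root/log-archive/old",    // sibling sharing the same name prefix
    "$root/log/missing",        // nonexistent file
);
foreach ($cases as $path) {
    $verdict = is_path_allowed($path, $DiskAllowed) ? 'ALLOW' : 'DENY';
    printf("%-6s%s\n", $verdict, $path);
}
```

Only the first case is allowed. The comparison is made on the resolved path, so a symlink placed inside an allowed directory that points elsewhere is denied as well.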