We have just released LogAnalyzer 3.6.6. This stable release has the following changes:
- Fixed bug in databasemapping admin. The form parameter and database fieldname of EventID field were interfering.
- Fixed a bug in maintenance.php, the ID parameter was forced to an integer. A leftover from earlier loganalyzer days.
- Fixed Cross Site Scripting Issue in index.php/detail.php for stringtype fields discovered by Dolev Farhi dolevf at yahoo dot com from F5 Networks. CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6070
Download: https://loganalyzer.adiscon.com/downloads/loganalyzer-v3-6-6
As always, feedback is appreciated.
Best regards,
Florian Riedl