Fwd: SabreDAV 1.7.11 and 1.8.9 released, fixing two critical issues


Thomas Tanghus-2

----------  Forwarded Message  ----------

Subject: SabreDAV 1.7.11 and 1.8.9 released, fixing two critical issues
Date: Wednesday 26 February 2014, 14:37
From: Evert Pot <[hidden email]>
To: [hidden email]

Hi everyone,

We just released SabreDAV 1.7.11 and 1.8.9. Both of these releases fix two
critical issues.

Upgrade by running:

composer upgrade sabre/dav

or grab the zips from:

This release fixes a security issue and an issue related to large files in

*XXE issue*

Previous SabreDAV versions had a security issue if running on the
following PHP versions:

* PHP 5.3, older than 5.3.23
* PHP 5.4, older than 5.4.13
* PHP 5.5 is not affected by this.

You are strongly recommended to upgrade, as the security issue could expose
local files or easily trigger a DOS attack.

More information here:

*Large file support*

It was also discovered that SabreDAV can often not serve files larger than
2GB, due to a bug in PHP's fpassthru method.

If you ran into this issue, update sabredav. We are now no longer using

More information here: http://evertpot.com/fpassthru-broken/

Kind regards,

Thomas Tanghus
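
Added example (not part of the forwarded announcement and not SabreDAV project code): a PHP CLI check that applies the version ranges listed in the announcement to a composer.lock and to the running PHP version. The function names and the constructed sample lock data are assumptions, as is treating SabreDAV releases older than the 1.7 branch as unfixed and branches after 1.8 as not covered.

```php
<?php
// Added example: exposure check built from the versions named in the announcement.
// PHP 5.3-compatible syntax, so it runs on the affected runtimes.

// true/false for PHP 5.3, 5.4 and 5.5; null for branches the announcement does not classify.
function phpRuntimeAffected($php)
{
    if (version_compare($php, '5.5.0-dev', '>=')) {
        return version_compare($php, '5.6.0-dev', '<') ? false : null;
    }
    if (version_compare($php, '5.4.0-dev', '>=')) {
        return version_compare($php, '5.4.13', '<');
    }
    return version_compare($php, '5.3.0-dev', '>=') ? version_compare($php, '5.3.23', '<') : null;
}

// true = has the fix, false = predates it, null = branch after 1.8 (not covered; assumption).
function sabreDavFixed($version)
{
    $v = ltrim($version, 'vV');
    if (version_compare($v, '1.9.0-dev', '>=')) {
        return null;
    }
    $fixedIn = version_compare($v, '1.8.0-dev', '>=') ? '1.8.9' : '1.7.11';
    return version_compare($v, $fixedIn, '>=');
}

// Locked sabre/dav version from composer.lock JSON, or null if absent or unparsable.
function lockedSabreDavVersion($lockJson)
{
    $lock = json_decode($lockJson, true);
    foreach (array('packages', 'packages-dev') as $section) {
        $pkgs = (is_array($lock) && isset($lock[$section])) ? (array) $lock[$section] : array();
        foreach ($pkgs as $pkg) {
            if (isset($pkg['name'], $pkg['version']) && strtolower($pkg['name']) === 'sabre/dav') {
                return $pkg['version'];
            }
        }
    }
    return null;
}

// Constructed sample lock data; pass a real composer.lock path as the first argument.
$sample = '{"packages":[{"name":"sabre/dav","version":"1.8.7"}]}';
$dav = lockedSabreDavVersion(isset($argv[1]) ? (string) @file_get_contents($argv[1]) : $sample);
$fixed = $dav === null ? null : sabreDavFixed($dav);
$php = phpRuntimeAffected(PHP_VERSION);
$show = function ($b) { return $b === null ? 'unknown' : ($b ? 'yes' : 'no'); };
printf("sabre/dav %s fixed: %s\nPHP %s affected: %s\n", (string) $dav, $show($fixed), PHP_VERSION, $show($php));
exit(($fixed === false && $php === true) ? 1 : 0);
```

The CLI binary and the web server's PHP can be different builds, so run this with the PHP that actually serves SabreDAV; exit status 1 means both conditions from the announcement hold.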