News from the Editor

Cross scripting security fixes in version 2.0 beta

Posted by Joe (joe) on Apr 20 2008
News from the Editor >> Program

Development team found and removed serious security issue in current version 2.0
beta. Because of lack of input data validation the system was vulnerable to
cross scripting attacks. This is not big issue when FA is used in trusted
company environment, but in demo installation the security hole can be source
of troubles for potential visitor.

All needed fixes to seal Front Accounting 2.0 beta against XSS attacks have been
done and are available from CVS server. Every administrator of publicly
available FA 2.0 demo is strongly encouraged to upgrade to current CVS version.

Last changed: Apr 20 2008 at 4:01 am


Support This Project