Ok, I think i've found where the security changes in 1.3.2 were made. In the release notes it states: 1.3.3 (2005-10-20) - (2005/10/17) added security bugfix for missing SQL quote And I believe the file that the changes were made in is System/DB.pm. I would kindly ask that any developer that worked on this verify where the changes were made to fix the security problems with 1.3.2. We are going to upgrade our installation eventually, but we have made a number of customizations that will take a while to migrate, so in the meantime we need to patch our version of 1.3.2. Thanks for your help. Mark On Apr 12, 2007, at 5:41 PM, Mark D. Wallace wrote:
We are running 1.3.2 and have made many mods to the code all the way to the system files. The issues related to security in 1.3.2 are a top issue for us now. I would like to know if there is a set of patches that can fix this problem for OTRS 1.3.2, or are there other suggestions that would expedite getting our installation secure as soon as possible.
Thanks, Mark Wallace
_______________________________________________ OTRS mailing list: dev - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/dev To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/dev