ilias-admins

ilias-admins@lists.ilias.de

266 discussions

by Michael Jansen

Dear list members, we decided to change the (minimum) recommended version of 'ImageMagick' to 6.8.9-9 (http://www.ilias.de/docu/goto_docu_pg_75024_367.html#imagemagick). We noticed some issues with older versions which resulted in artifacts when drawing geometric figures (e.g., see: http://www.ilias.de/mantis/view.php?id=19064). Best regards, Michael Jansen on behalf of the ILIAS e.V. and the Technical Board

8 years, 9 months

ILIAS Security Issue: SVG Files Uploaded as Media Objects

by Michael Jansen

Dear list members, again a media object related security issue has been identified and fixed for ILIAS versions >= 5.0. A big "Thank you" goes to researcher Julian Rittweger for reporting this issue. It was possible to upload SVG files as media objects (e.g. in wiki pages) which could be used to inject and execute JavaScript (persistent XSS). With the latest fix of the responsible code maintainer, SVG files will be sanitized when uploaded to ILIAS. We advise strongly to update your ILIAS installation to the latest version. Best regards, Michael Jansen on behalf of the ILIAS e.V. and the Technical Board

8 years, 10 months

ILIAS 5.1.17 published

by Anton Arsenij

8 years, 10 months

ILIAS 5.0.21 published

by Anton Arsenij

8 years, 10 months

ILIAS 5.2.3 published

by Anton Arsenij

8 years, 10 months

ILIAS Security Issues: Self Registration and Course/File Import

by Michael Jansen

Dear list members, several security issues have been identified (thanks to Nicolas Schäfli [studer + raimann ag] and Johannes [KIT]) and fixed for ILIAS version 5.0, 5.1 and 5.2. The first weakness was located in the code validation part of the self registration. The second type of vulnerability affected the XML import of course and file objects. It was possible to copy arbitrary files into the media object directory (course import), and to copy a source file to an arbitrary location on the file system (file import). We advise strongly to update your ILIAS installation to the latest version. For more detailed explanations don't hesitate to contact us. Best regards, Michael Jansen on behalf of the ILIAS e.V. and the Technical Board

8 years, 11 months

ILIAS 5.1.16 published

by Anton Arsenij

8 years, 11 months

ILIAS 5.2.2 published

by Anton Arsenij

8 years, 11 months

ILIAS 5.0.20 published

by Anton Arsenij

8 years, 11 months

ILIAS 5.2.1 published

by Anton Arsenij

8 years, 11 months

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

ilias-admins