Feb 03, 2016; 12:57
Eric Knibbe
[ANN] Lasso 9.3.1-4 security update available
Release 4 of Lasso 9.3.1 (9.3.1-4) is available for download. Change notes are at <http://www.lassosoft.com/Lasso-9-Change-Notes>, and download links & install instructions are at <http://www.lassosoft.com/Lasso-9-3-release-notes>.
This release primarily fixes a potential security issue with the LUX interface. Although no cases of affected systems have been reported, we are strongly recommending this pre-emptive update to ensure your system is not compromised. If you can't upgrade right away, at the very least download and extract and replace the lux.lassoapp file on your systems, or restrict access to port 8090.
Other fixes in this release:
- "utf8mb4" is now the default charset when talking to MySQL 5.5.3 & up (#7308)
- allow non-ASCII characters in uploaded file names (#7999)
- avoid garbled error messages from plugins on Linux
- fixed date values after calling weekOfYear, dayOfWeek, or dowLocal
- fixed image->file and image->describe methods
Also worth noting are these updates to the Lasso installers:
- the install process on CentOS has been simplified with the addition of RPMs for adding the Lasso repository. The respective installation instructions are now linked from the downloads page mentioned above.
- when run on OS X 10.11, the Mac installer now checks for Apple's Java 6, which is again required for LJAPI (and other apps using the JNI interface) to work.
- as mentioned before, verification was added to the Debian repo. Also note that version 9.2.7 is still available by using the "legacy" directory, i.e.
sudo add-apt-repository "deb http://debianrepo.lassosoft.com/ legacy main"
- the CentOS 6 RPM now requires ImageMagick 6.7, after it was pointed out that earlier versions of CentOS 6 shipped with ImageMagick 6.5.
Also, a usage note for LUX: the most common reason for "Timeout while reading client content" messages are when submitting a form just after a setting was changed that triggers a restart of the lassospitfire process. Since LUX itself is served by lassospitfire, subsequent requests to the original process will go unanswered, so the fix for now is to manually reload the form by either the address bar or re-clicking the link.
‐‐‐‐‐‐‐‐‐‐✂‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Eric3
#############################################################
This message is sent to you because you are subscribed to
the mailing list Lasso Lasso@lists.lassosoft.com
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <Lasso-unsubscribe@lists.lassosoft.com>
Send administrative queries to <Lasso-request@lists.lassosoft.com>