Viewing 3 replies - 16 through 18 (of 18 total)
  • Benjamin Kunz Mejri was given credit for finding a form sanitization issue/problem in the BPS .51 changelog entry because that was what he found and not a security vulnerability. Technically it is a bug so you can also call it a security vulnerability if you want to.

    = .51 =
    * BugFix/Code Correction:
    * System Info page HTTP_HOST variable fallback for SERVER_ADDR IP address retrieval code correction. Missing gethostbyname function has been added to the HTTP_HOST variable IP address fallback and is now returning an IP address correctly.
    * Code Correction/Sanitization:
    * System Info page Check Headers Tool Form code sanitization. Special thanks to Benjamin Kunz Mejri for finding and reporting this Form code sanitization issue that needed to be corrected.

    After careful debate we decided to move the BPS Changelog to our forum site so that the entire history of the changelog can be seen, we can maintain the Changelog much easier, it is not automatically truncated on the WP plugin changelog page, keep the size of the BPS readme.txt file reasonable (not gigantic with years of old changelog events) and some other beneficial reasons. We will not be bothering with adding a Dismiss Notice warning since that could actually cause even more headaches and problems.

    https://forum.ait-pro.com/forums/topic/bps-changelog/

    Additional Statistical info:
    After moving the BPS Changelog to the AITpro forum site and checking Google Analytics to get the total percentage of people who actually check the BPS Changelog before or after upgrading:

    Using Google Analytics > Behavior > Site Content > All Pages > changelog URI
    175 people have looked at the BPS Changelog out of 9,968 upgrades from BPS .52.5 to BPS .52.6
    Percentage of people who checked the BPS Changelog before or after upgrading: 1.75% | .0175

    The numbers are even lower than I thought they would be. I expected at least 1 in 10 people or 10 in 100 people or 10% of the people checking the Changelog. Anyway obviously the majority of people either are not aware that a changelog exists or what a changelog means or do not bother to check Changelogs.

  • The topic ‘Scan returns false positive’ is closed to new replies.