Pubcookie Home > News 
 
Pubcookie Homepage Pubcookie News
Announcing Pubcookie 3.3.2b
Component:  Pubcookie 3.3.2b
Audience:  All
Modified:  November 6, 2006

Release notes for Pubcookie 3.3.2b:

Subject: Pubcookie 3.3.2b Released

Pubcookie 3.3.2b has been posted on the pubcookie.org project web site.  

This version represents a minor patch release that focuses on security and
parity between the Apache module and ISAPI filter. Changes since the 3.3.2
release (3.3.2a had no release announcement) include:

   * Security fix to the Apache module and ISAPI filter to prevent 
     the Abuse of Functionality vulnerability described in the "Empty
     Authentication" security advisory posted concurrent to this release. 
     The modules now verify that the login server sends a non-empty userid
     in the granting reply unless the "no prompt" option is enabled. See:
     http://pubcookie.org/news/20061106-empty-auth-secadv.html

   * URI path and query-string handling changes to the Apache module
     and ISAPI filter to address possible truncations during login.

   * Fixed a misplaced variable declaration in the Apache module, 
     which caused problems with version 3.3.2 in some compilers.

Note: No changes have been made to the login server since 3.3.2.

More thorough change information is available on the project site:
    http://pubcookie.org/docs/CHANGES.txt

With this patch release, version 3.3.2b becomes the current production
release of Pubcookie, and attention will turn again toward future
enhancements.

Thanks,

Nathan Dors
Pubcookie Project
University of Washington
Phone: 206/543-0624
FAX: 206/221-6966
E-Mail: pubcookie-ext@cac.washington.edu


[Pubcookie Home Page]
Copyright © 2002-2008 University of Washington
UW Technology Services
Pubcookie Contact Info
Modified: November 6, 2006