+## XML-RPC for PHP version 4.9.2 - 2022-12-18
+
+* security fix: removed the possibility of an XSS attack in the debugger.
+ Since the debugger is not designed to be exposed to end users but only to the developers using this library, and in
+ the default configuration it is not exposed to requests from the web, the severity of this issue can be considered low.
+
+* improved: the debugger now uses jsxmlrpc lib version 0.6. It loads it from a cdn rather than locally.
+ It also can make use of a 2nd constant to help telling it where the visual-editor form the jsxmlrpc lib is located,
+ in case its path on disk relative to the debugger and its url relative to the web root do not match.
+
+
## XML-RPC for PHP version 4.9.1 - 2022-12-12
* fixed: php warnings on php 8.2. This includes preferring usage of mbstring for converting between Latin1 and UTF8
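Review bot: The jsxmlrpc entry on the added lines mentions "a 2nd constant" without naming it or the first one. A developer whose visual-editor disk path and URL differ cannot tell from these notes what to define, so name both constants here. In the same sentence, "form the jsxmlrpc lib" should read "from the jsxmlrpc lib". The security entry would also help anyone who has exposed the debugger to the web if it said which debugger input was affected, so that they can judge their own exposure instead of relying on the "low" rating, which is argued only for the default configuration.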
body {
border-top: 1px solid gray;
padding: 1em;
- font-family: Verdana, Arial, Helvetica;
+ font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 8pt;
}
<h3>Changelog</h3>
<ul>
- <li>2022-12-xx: fix XSS vulnerability in the debugger</li>
+ <li>2022-12-18: fix XSS vulnerability in the debugger; load jsxmlrpc from CDN</li>
<li>2022-11-28: allow to use http/2 protocol; two security issues fixed in the underlying library</li>
<li>2020-12-11: fix problems with running the debugger on php 8</li>
<li>2015-05-30: fix problems with generating method payloads for NIL and Undefined parameters</li>
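Review bot: "load jsxmlrpc from CDN" on the added <li> means the debugger page now runs script fetched from a third-party host, and nothing in this entry says that the URL is pinned to an exact version or that the script tag carries an integrity attribute. Because the same entry records an XSS fix in this page, suggest pinning the exact 0.6 URL with Subresource Integrity (integrity plus crossorigin on the script tag). Also state here that the browser running the debugger now needs to reach the CDN, so that offline or locked-down setups know the visual editor may not load.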
public static $xmlrpc_internalencoding = "UTF-8";
public static $xmlrpcName = "XML-RPC for PHP";
- public static $xmlrpcVersion = "4.9.1";
+ public static $xmlrpcVersion = "4.9.2";
// let user errors start at 800
public static $xmlrpcerruser = 800;