Release notes for WeBWorK 2.1.4
This release fixes a security flaw in WeBWorK 2.1.3, as well as adding a couple of bug fixes.
- Security: WeBWorK 2.1.3 contained a security issue in which a privileged user could execute arbitrary commands in the security context of the web server. This has been fixed.
- Fixes a problem with base64-encoded answer strings.
- This version ships with an empty
htdocs/site_info.txtfile instead if no file.
- Don't load experimental XMLRPC modules by default.
WeBWorK 2.1.4 is available from our CVS repository. Read WeBWorKCVSReadOnly for more information on how to set up a CVS connection. For those who already have a CVS connection, this update can be obtained by updating to the tag
WeBWorK 2.1.4 is also available as a tarball from our SourceForge project page: http://sourceforge.net/project/showfiles.php?group_id=93112
You must also have PGLanguageRelease2pt1pt3 installed. The installation manual covers installing PG.
Read the section in the installation manual on Upgrading WeBWorK.
If you need help installing or using WeBWorK 2.1.4, visit the WeBWorK discussion group and post your question there. The developers monitor this forum.
Bug Reports & Feature Requests
Submit bug reports and feature requests at http://bugs.webwork.rochester.edu/. We can't fix bugs and add features if you don't tell us about them!
While we welcome patches of any sort, by patching against the latest CVS code, you save us and yourself time. A bug in this release may be fixed in CVS, and we can more easily handle patches against the latest code. Check out the latest development version from CVS and patch against that. Consult the WeBWorKCVS topic for more information.
-- Main.SamHathaway - 24 Jan 2006