Release notes for WeBWorK 2.1.4

From WeBWorK_wiki
Jump to navigation Jump to search
This article has been retained as a historical document. It is not up-to-date and the formatting may be lacking. Use the information herein with caution.

Introduction[edit]

This release fixes a security flaw in WeBWorK 2.1.3, as well as adding a couple of bug fixes.

  • Security: WeBWorK 2.1.3 contained a security issue in which a privileged user could execute arbitrary commands in the security context of the web server. This has been fixed.
  • Fixes a problem with base64-encoded answer strings.
  • This version ships with an empty htdocs/site_info.txt file instead if no file.
  • Don't load experimental XMLRPC modules by default.

Availability[edit]

WeBWorK 2.1.4 is available from our CVS repository. Read WeBWorKCVSReadOnly for more information on how to set up a CVS connection. For those who already have a CVS connection, this update can be obtained by updating to the tag rel-2-1-4.

WeBWorK 2.1.4 is also available as a tarball from our SourceForge project page: http://sourceforge.net/project/showfiles.php?group_id=93112

You must also have PGLanguageRelease2pt1pt3 installed. The installation manual covers installing PG.

Installation[edit]

Read the section in the installation manual on Upgrading WeBWorK.

Help[edit]

If you need help installing or using WeBWorK 2.1.4, visit the WeBWorK discussion group and post your question there. The developers monitor this forum.

Bug Reports & Feature Requests[edit]

Submit bug reports and feature requests at http://bugs.webwork.rochester.edu/. We can't fix bugs and add features if you don't tell us about them!

Patches[edit]

While we welcome patches of any sort, by patching against the latest CVS code, you save us and yourself time. A bug in this release may be fixed in CVS, and we can more easily handle patches against the latest code. Check out the latest development version from CVS and patch against that. Consult the WeBWorKCVS topic for more information.

-- Main.SamHathaway - 24 Jan 2006