Release notes for WeBWorK 2.1.4

Introduction

This release fixes a security flaw in WeBWorK 2.1.3, as well as adding a couple of bug fixes.

• Security: WeBWorK 2.1.3 contained a security issue in which a privileged user could execute arbitrary commands in the security context of the web server. This has been fixed.
• Fixes a problem with base64-encoded answer strings.
• This version ships with an empty htdocs/site_info.txt file instead if no file.
• Don't load experimental XMLRPC modules by default.

Availability

WeBWorK 2.1.4 is available from our CVS repository. Read WeBWorKCVSReadOnly for more information on how to set up a CVS connection. For those who already have a CVS connection, this update can be obtained by updating to the tag rel-2-1-4.

WeBWorK 2.1.4 is also available as a tarball from our SourceForge project page: http://sourceforge.net/project/showfiles.php?group_id=93112

You must also have PGLanguageRelease2pt1pt3 installed. The installation manual covers installing PG.

Installation

Read the section in the installation manual on Upgrading WeBWorK.

Help

If you need help installing or using WeBWorK 2.1.4, visit the WeBWorK discussion group and post your question there. The developers monitor this forum.

Bug Reports & Feature Requests

Submit bug reports and feature requests at http://bugs.webwork.rochester.edu/. We can't fix bugs and add features if you don't tell us about them!

Patches

While we welcome patches of any sort, by patching against the latest CVS code, you save us and yourself time. A bug in this release may be fixed in CVS, and we can more easily handle patches against the latest code. Check out the latest development version from CVS and patch against that. Consult the WeBWorKCVS topic for more information.

-- Main.SamHathaway - 24 Jan 2006