This question about Installation of Foswiki: Answered

security alert foswiki 1.1.8


I am still getting a security list when I install Foswiki 1.1.8 for the MAKETEXT script although it your documentation says it is fixed in this version. Is this something I need to be worried about? Thank you.

Xochi Maes Valdez

-- XochiValdez - 09 May 2013

You are probably okay. We patched the calls to MAKETEXT so that any vulnerabilities shouldn't be exposed by Foswiki. We do recommend however installing 1.23 of the CPAN Module Locale::Maketext for the safest solution.

Note that Debian and possibly other distributions have patched Locale::Maketext without incrementing the version number, which causes us to detect the version as vulnerable even though it's been patched. We're not sure how to address this, if distributions "lie" to us about the installed versions of CPAN code.

-- GeorgeClark - 09 May 2013

I've tried two patches (extensions) to upgrade but each time the log says no matching files found. So the warning stays up and the version does not get changed.

-- XochiValdez - 09 May 2013

The module - Locale::Maketext. is not part of Foswiki, and we don't patch it. The warning in configure is telling you that the CPAN module, installed external to Foswiki, is not version 1.29. There is nothing you can do in Foswiki to eliminate the warning.

You can either ignore it, or chase down the version of Locale::Maketext installed in your system and try to get it updated. For example:

 perl  -e 'use Locale::Maketext; print $Locale::Maketext::VERSION'

-- GeorgeClark - 10 May 2013

QuestionForm edit

Subject Installation of Foswiki
Version Foswiki 1.1.8
Status Answered
Related Topics
Topic revision: r4 - 10 May 2013, GeorgeClark - This page was cached on 19 Sep 2019 - 04:19.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy