Security Update

Take a look inside and be the first to get news regarding Revolution Pi
Post Reply
User avatar
Mathias
Posts: 130
Joined: 29 Nov 2016, 10:46
Answers: 0

Security Update

Post by Mathias »

Some of our users found security vulnerabilities in the PHP code of PiCtory and RevPi Core Status. Now we are releasing an update to fix these problems in the Jessie Image.
The installation is as usual:

Code: Select all

sudo apt update
sudo apt install pictory
The packages piserial and revpi-webstatus are updated automatically.
User avatar
volker
Posts: 1046
Joined: 09 Nov 2016, 15:41
Answers: 1

Re: Security Update

Post by volker »

Sorry but we need to inform about a second update for eliminating further security issues with PiCtory.
As some of our users do expose their system's web server (against our advice) unprotected to public or semi-public networks we need to make sure that all known issues are eliminated.

The installation is as usual:

sudo apt update
sudo apt install pictory
Unser RevPi Motto: Don't just claim it - make it!
User avatar
Mathias
Posts: 130
Joined: 29 Nov 2016, 10:46
Answers: 0

Re: Security Update

Post by Mathias »

We have to postpone an update:
In the last version there were problems with the Modbus Master and Slave modules. Additional underscores __ have been added to the names of the serial driver (e. g. /dev/ttyUSB0) or to the IP address. The new version 1.3.4 doesn't do this anymore. However, you have to load the project after the update, remove the underscores, save the project as a start project and do aDriver Reset via the menu.
In the Config and Services pages it was not possible to save changes, this is now possible again.
Post Reply