https://bugzilla.novell.com/show_bug.cgi?id=663414 https://bugzilla.novell.com/show_bug.cgi?id=663414#c5 --- Comment #5 from Matthew Ehle <mehle@novell.com> 2011-01-25 15:45:03 UTC --- Can you please advise on what security issues you are talking about? I had reviewed the changelog for the update, and all I see is that the current release allows the possibility of XSS injection. While this is certainly not a light issue, XSS generally does not affect the integrity of the web servers themselves. If there is something in this that I am missing, please let me know. While we take standard security measures with the web servers, a vulnerability that allows an Apache/PHP exploitation needs to be addressed. I don't have much say in what I can do during Novell's blackout period. Generally, production changes are only allowed under extremely special circumstances and have to go through the approval of IS&T executives. If you could provide me as much information as you have, especially on issues that you have already seen, then we can look at starting those procedures. Feel free to message me directly on this, as I will be able to respond more quickly. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.