[ZendTo] Re: [Updating/Upgrading virtual appliance + documentation hint]

Der PCFreak mailinglists at pcfreak.de
Tue Jan 7 07:00:14 GMT 2014


Thank you Jules, it worked perfectly!

I am now on

zendto 4.11-14

which already should have the fix for the

Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo 
before 4.11-13 allows remote attackers to inject arbitrary web script or 
HTML via a modified emailAddr field to pickup.php. as stated in 
CVE-2013-6808 <http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6808>

Thanks!

PCFreak


On 02.01.2014 11:15, Jules wrote:
> On 20/12/2013 13:47, Der PCFreak wrote:
>> Hi all,
>>
>> I setup ZendTo based on the downloadable virtual appliance based on CentOS
>>
>> ZendTo-CentOS6-x64-4.11-6.ova
>>
>> My installation is now fully configured and online.
>>
>> My question is, can I upgrade the entire system with yum so that I have
>> everything up-to-date
>> without breaking functionality.
> Yes, you can. Nothing in
>       /opt/zendto/config/*
>       /opt/zendto/templates/*.tpl
>       /opt/zendto/www/css/local.css
> will be overwritten when you do a "yum upgrade". So you can customise
> the user interface as much as you like, without causing any issues when
> you apply updates.
>
> Jules.
>
>> I want to do a
>>
>> yum check-update
>> yum update
>>
>> and if possible
>>
>> yum upgrade
>>
>> Any help with my approach.
>>
>> Also I have some information, that might be useful for other users of
>> the appliance and should in my opinion be added to the online documentation.
>>
>> When deploying the ova template to an ESX server, you have to delete the
>> file
>>
>>      /etc/udev/rules.d/70-persistent-net.rules
>>
>> and reboot to make the system detect the (new) network cards.
>>
>> Nice and powerful product. - Thanks!
>>
>> Kind regards
>>
>> PCFreak
>> _______________________________________________
>> ZendTo mailing list
>> ZendTo at zend.to
>> http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto
>>
>> Jules
>>
>> -- 
>> Julian Field MEng MBCS CITP CEng
>>
>> 'It's okay to live without all the answers' - Charlie Eppes, 2011
>>
>> www.Zend.To
>> Twitter: @JulesFM
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/zendto/attachments/20140107/88064f41/attachment.html 


More information about the ZendTo mailing list