[ejabberd] ejabberd login problem

Sergei Golovan sgolovan at nes.ru
Fri Jul 27 12:36:42 MSD 2007


On 7/27/07, Christophe Romain <cromain at process-one.net> wrote:
> Hello
>
> you have the bug reported on the 1.1.3 installer. this is currently
> been worked on.
> for now, please use the ejabberd-1.1.2 installer.

You're encouraging to use 1.1.2 with a security vulnerability? And it
wasn't removed from the download site just after this vulnerability
was discovered? And there's no a warning, which at least would warn
users not to use SQL databases with 1.1.2.

BTW, 1.1.3 was released on February, 2. And this bug with installer is
lasting for almost 6 months! Do you think that it is normal?

Another interesting bug is a bug in eldap, which was masked in erlang
up to R11B-1 inclusivly. But installer 1.1.3 ships with erlang R11B-2,
so all LDAP stuff is broken, and users don't have an opportunity to
downgrade erlang.

Cheers!
-- 
Sergei Golovan


More information about the ejabberd mailing list