In May the planned code security audit of the 1.5 code was executed, the report delivered to us in the last week of May. Xander, Chris and myself went through it in detail and last week discussed the various recommendations. There are some details we need to improve on but overall the report was a positive result; no major structural issues were found. I dare say we’ve learned from the previous audits and have become better at producing secure code. Thanks Chris and Xander 🙂 We’re currently discussing with the security auditing firm whether we can publish the report. Should you want to receive a copy drop me an email.
We have now planned the next step towards the 1.5 release and we decided we do need a beta-4 mainly to address a a number of the recommendations from the security audit. We expect this beta-4 to be released around the 25th of July. We also expect this to be the last beta in the 1.5 release cycle.
A report was recently presented to the FileSender core development team arising from a usability and interaction design review of the FileSender 1.5-beta1 release, conducted by members of the User Experience team in eSolutions at Monash University in Australia. This report, as well as the user scenarios document used during the review, are now available for download from the Monash University User Experience Review wikipage. On that page we also list several of the recommendations made by this review that have already been at least partially addressed during 1.5 development. This is just one of several Reviews and prototypes which have been / are planned to be conducted!
May 31st Xander announced the availability of the FileSender 1.1 release to the filesender-dev list. You should apply this upgrade soon (before FF 13 comes out) if you want your FireFox users to remain able to use your FileSender installation!
Xander’s announcement is as follows: We’re happy to announce that FileSender 1.1.1 release is now available for download and in the FileSender package and svn repositories.
Version 1.1.1 is a maintenance and bugfix release and contains two important fixes:
- The upcoming FireFox 13 (planned for june 5th next week) has changed the way the HTML5 uploads are done. Version 1.1.1 can handle this changed method (and of course also the old method used with FF 12 and lower). *Not* upgrading will mean that uploads with FF13 will break.
- With 1.1 it was (under some, non-default circumstances) possible thata normal user was given acces to the administrator view. This has beenfixed in 1.1.1.We therefore recommend that you upgrade to 1.1.1 as soon as possible(preferable before june 5th). If, for whatever reason, a normal upgradeis not possible you should at least get the following two files from the distribution files (tar.gz or zip) and install them: www/js/fs_html5.js classes/AuthSaml.php
Download details for FileSender 1.1.1 are at http://www.assembla.com/spaces/file_sender/wiki/Download
For those of you using the Debian or RPM package repositories:
- 1.1.1 packages are as of now available in both the stable and testing repositories.
- As of now 1.0.1 (using the deprecated Gears method) is only available in the ‘oldstable’ repositories.
On behalf of the FileSender team,