[Opensim-dev] OpenSimulator 0.8.0.3, 0.7.6.2, 0.7.5.2, 0.7.4.1 now released

Justin Clark-Casey jjustincc at googlemail.com
Tue Nov 11 19:51:51 UTC 2014


Hi folks,

As notified in yesterday's pre-release announcement, OpenSimulator security update versions 0.8.0.3, 0.7.6.2, 0.7.5.2 and 
0.7.4.1 are now available.  These can be downloaded from the usual place [1].  Release notes are at [2], [3], [4] and [5].

There is only one change in these releases.  This is to fix an issue where llRemoteLoadScriptPin() does not treat the 
pin '0' as an unset pin.  By default, all prims have a pin set to 0.  Therefore, this bug allows llRemoteLoadScriptPin() 
to specify a 0 pin to load scripts into owned prims with no pin set where this should not be possible.

Unless you are very sure that no user will run a script from an untrusted source, we would advise you to update as soon 
as possible.  There are no database migrations or config changes in this release compared to the previous in the series, 
so all config files can be used without alteration.

This bug was introduced more than 6 years ago with the original llRemoteLoadScriptPin() implementation and so affects 
all versions of OpenSimulator at least from 0.4.  If you are using a version of OpenSimulator older than 0.7.4 (which 
was released in August 2012) then you will need to upgrade or apply the patch in commit 5aa8ba1 manually.

Many thanks to Tranquility Dexter of Inworldz for pointing out the bug and the fix.

[1] http://opensimulator.org/wiki/Download
[2] http://opensimulator.org/wiki/0.8.0.3_Release
[3] http://opensimulator.org/wiki/0.7.6.2_Release
[4] http://opensimulator.org/wiki/0.7.5.2_Release
[5] http://opensimulator.org/wiki/0.7.4.1_Release

-- 
Justin Clark-Casey (justincc)
OSVW Consulting
http://justincc.org
http://twitter.com/justincc
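
The pin check described in the announcement, as an added example that is not part of the original message and is not OpenSimulator's code. The `Prim` class, both method names and the sample pin 4711 are hypothetical; the model assumes only what the message states: prims default to pin 0, 0 should mean "no pin set", and the destination prim must be owned by the caller.

```csharp
using System;

// Simplified model of a prim: only the fields the pin check needs.
class Prim
{
    public Guid OwnerId;
    public int ScriptAccessPin; // 0 is the default and means "no pin set"
}

static class PinCheckDemo
{
    // Behaviour described in the announcement: 0 is compared like any other pin,
    // so a supplied pin of 0 matches every prim that never had a pin set.
    static bool AllowsRemoteLoadBuggy(Prim dest, Guid callerOwner, int suppliedPin)
    {
        return dest.OwnerId == callerOwner && dest.ScriptAccessPin == suppliedPin;
    }

    // Corrected behaviour: a destination whose pin is 0 has no pin,
    // so no supplied value (including 0) can match it.
    static bool AllowsRemoteLoadFixed(Prim dest, Guid callerOwner, int suppliedPin)
    {
        if (dest.ScriptAccessPin == 0)
            return false;
        return dest.OwnerId == callerOwner && dest.ScriptAccessPin == suppliedPin;
    }

    static void Main()
    {
        Guid owner = Guid.NewGuid(); // constructed sample data
        var noPin = new Prim { OwnerId = owner, ScriptAccessPin = 0 };
        var withPin = new Prim { OwnerId = owner, ScriptAccessPin = 4711 };

        foreach (var (name, prim, pin) in new[] {
            ("default prim, supplied pin 0", noPin, 0),
            ("default prim, supplied pin 4711", noPin, 4711),
            ("pinned prim, supplied pin 4711", withPin, 4711),
            ("pinned prim, supplied pin 0", withPin, 0) })
        {
            Console.WriteLine($"{name}: buggy={AllowsRemoteLoadBuggy(prim, owner, pin)} " +
                              $"fixed={AllowsRemoteLoadFixed(prim, owner, pin)}");
        }
    }
}
```

The two checks differ only in the first case, which is the one the releases close: an owned prim that never had a pin set.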

