Logaholic has released version 2.0 RC8, which adresses some security issues, fixes a number of bugs and adds a few features.
Security Update:
– Added Anti-SQL injection measures.
– Added Anti-cross site scripting
– Added Anti-HTML injection measures.
Other Changes:
– Fixed bug preventing the use of some faster summary tables (Speeds up important reports)
– Fixed various Logaholic SPE issues, added branding option
– Added search to various reports
– Added custom setting for visit/session timeout period
– Added resove IP on/off switch for click-trail reports
This release should fix the vulnerabilities mentioned on various security related websites (i.e SecurityFocus.com). If you have any further information concering Logaholic security, please contact us to report the issue.
I would like to mention that these issues were classified as ‘moderate risk’. Moreover, they could only be taken advantage of by others if your logaholic directory is not password protected.
Needless to say, we advise everyone to password protect the logaholic installation directory.
We also advise everyone to upgrade to this version. All versions on our site have been updated. If you are a logaholic customer, please log in to your account and access your Order History. You will be able to download your update from there.