JW_00000 1192898788|%e %b %Y, %H:%M %Z|agohover
Chameleon 0.6.1.1 has been released.
Version 0.6.1.1 is a bugfix release. This small release fixes only one bug, but a severe one. In Chameleon 0.5.5, 0.6.0 and 0.6.1, it was possible for a malicious user to obtain data from the database by loading a specially crafted URL. On some databases, particularly on Microsoft SQL Server, it is possible a user even might be able to edit and delete data. Therefore, it is recommended to upgrade as soon as possible.
You can download Chameleon 0.6.1.1 (Beta) at http://chameleon.wikidot.com/download, and follow the instructions in the README included in the package to install it. To upgrade, simply copy the new files over the old ones. Only the file app/controllers/blog_controller.rb changed, so replacing that one is enough.
These instructions and a lot more information are also available on the website.
