[mrtg] 14all: new location / security fix / new release

Rainer Bawidamann rainer.bawidamann at web.de
Thu Feb 7 23:17:28 MET 2002

Hi all!


I finally managed to put 14all to sourceforge, just-in-time for the
security problem. You can find future versions here:



A quick fix for the security problem is to remove the following two lines
from your copy of 14all.cgi:

BEGIN { eval { require CGI::Carp; import CGI::Carp qw/fatalsToBrowser/ }
        if $^O !~ m/Win/i };

(these lines make the error message from MRTG_lib appear in the web
browser) - or use the new version.


The fix in 14all is to not allow a config file name to start with '/' or to
contain './' (security freaks: is this good enough?)


As you might have guessed with the security update: there is a new version
of 14all on its (new) homepage: 1.1p17

There are some small changes and one new option: 14all*maxrules[target]
This is a boolean option that enables horizontal lines at the "maximum"
values. Another fix is where the links in the page targeted the wrong
server (some will remember: the 'url => relative' patch).

I'm sorry that I didn't had the time to add support for new the mrtg
functions. If anyone wants to help developing 14all I can add you as a
develper on sourceforge (cvs is not setup yet, stay tuned).

Thanks for all your help and patience!

Rainer Bawidamann

Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
Archive     http://www.ee.ethz.ch/~slist/mrtg
FAQ         http://faq.mrtg.org    Homepage     http://www.mrtg.org
WebAdmin    http://www.ee.ethz.ch/~slist/lsg2.cgi

More information about the mrtg mailing list