ImageGen and Payment Card Industry (PCI) Data Security Standards (DSS)
Hello to author(s) of ImageGen,
I would first like to say that my colleagues and I see ImageGen as a great product and we used it on several projects so far.
Yesterday we got a message from one of our customers who would like to have their website compliant with Payment Card Industry (PCI) Data Security Standards (DSS). This would allow them to support VISA and other credit card payments on their website. Their website is built on top of Umbraco CMS and it is using ImageGen heavily. Our customer got a test report from a company that is doing compliancy tests and the report shows that ImageGen is breaking a critical rule.
EDIT BY DROBAR - removed details of how to introduce a security vulnerability.
Please notice that I put there a relative URL.
Would it be possible for you to make and release a new version of the ImageGen on short notice and to have a fix for this issue in that new version?
If possible, when can we expect to see the new version/fix?
Please let me know if I can be of any help (if you need more info, etc).
Best regards,
Sasa Popovic
Vega IT Sourcing
Hi, Sasa,
I'm very close to releasing v2.5, which fixes the vulnerability as well as adds new features and fixes a few bugs. At the moment I'm doing final QA and documentation.
Contact me through my website and I can give you a beta version to resolve the problem immediately if that is necessary. http://www.percipientstudios.com/about/contact.aspx
cheers,
doug.
I just want to say that I got a very quick and helpful reply from Douglas.
I wanted to mark his reply as a helpful reply but I was not able to do that because of low karma.
Keep up the good work, Doug.
For forum admins:
I just got a reminder from this forum. It says the following:
We noticed that the topic ‘ImageGen and Payment Card Industry (PCI) Data Security Standards (DSS)’ you created in the Umbraco Community Forum does not have a post marked as a solution.
If a post helped answer your question or resolve your issue please mark it as a solution so others can quickly find it. You can view the topic and any posts here http://our.umbraco.org/projects/website-utilities/imagegen/imagegen-bugs/13320-ImageGen-and-Payment-Card-Industry-(PCI)-Data-Security-Standards-(DSS).
Thank You from the Umbraco Community!
I already wrote above that I can't mark a reply as solution because of my "karma". I get the following message when I try to do it:
You cannot vote yet
You need at least 70 karma points to be able to rate items on our.umbraco.org
You gain karma points every time you do something constructive, like answering topics on the forum, or starting new ones or publishing your work as a project
Did anyone look into the above-mentioned issue, and can I do anything about it?
The potential XSS exploit has been resolved with ImageGen 2.5.
cheers,
doug.
Good work, thx Doug!
Regards,
Sasa