All versions of public facing GeoCalendar implementations may be susceptible to a recent SQL injection attack. Symptoms range from a deletion of all events from the database to malicious insertion of code into SQL Server databases prompting user to download a malicious js file. To combat this recent attack GeoNorth has implemented additional security and has an update available for GeoCalendar 3.0 customers. This update is provided at no cost.
Due to the nature of the SQL injection attack, you may not be able to restore a recent database backup without reintroducing the malicious SQL. We recommend either restoring an older version or re-entering current event records.
Please note that the security patch for older versions of GeoCalendar will not be provided. You are encouraged to call for upgrade pricing.
here is a small fix for the only known problem we have encountered with ColdFusion Server 4.5 and GeoCalendar. Any newly downloaded calendars as of 1/12/2000 will not need to be fixed. The problem occurs when you are trying to edit/view the "category" details. Standard version users can download a small zip file to be extracted into their GeoCalender customtag directory.Developer version users can download a small doc that explains the problem and how to fix it. If you are still having problems using your registered copy of GeoCalendar with CF 4.5, mail us a detailed description of the problem you are having to GeoCalendar Support.
