Forums

the MD5 sums listed on the security bulletin webpage appear to be incorrect for YUI 2.5.0. the sums I got were:

MD5 (charts.swf) = dd337b66da67de5d94fb67dd40bd77f6
MD5 (uploader.swf) = aaefcfce0b41a4d3a2d4433441bc7736

could you verify if these are the correct values?

Allen, there still seems to be something wrong. Here's what I did:

downloaded these two files pointed to by the security bulletin webpage:

http://yuilibrary.com/support/2.8.2/dro ... -2.5.0.zip
http://yuilibrary.com/support/2.8.2/dro ... -2.5.0.zip

unzip each zip file, yielding charts.swf and uploader.swf. ran md5 on the mac and got:

MD5 (charts.swf) = dd337b66da67de5d94fb67dd40bd77f6
MD5 (uploader.swf) = aaefcfce0b41a4d3a2d4433441bc7736

could you double check? When I did this for the 2.7.0 and 2.8.1 files everything was fine.

There are some problems with the YUI 2.8.2 release which seem in part to have been due to the global year update to 2010.

container.js, lines 4789 and 5048
get.js, line 549
yahoo.js, line 298 [comment only]
yuiloader.js, lines 298 [comment only as above], lines 1864, 1865 (refer to v2.8.1 on yahooapis.com)

Also (minor) none of the .css files have been updated to have a v2.8.2 header.

Thanks,
Mike

Mike,

You're right; we executed a bad regex, and that damaged the 2.8.2 build.

Here's what we've done:

1. The download now points to 2.8.2r1 -- a corrected build.
2. 2.8.2r1 is on the CDN.

Sorry for the additional churn.

-Eric

hi,

is my site affected just by hosting the components or by implementing one of the affected components (charts/uploader/swfstore)?

thanks, joerg