Forum OpenACS Q&A: Response to AOLserver 3.0 vulnerability

Posted by Jonathan Marsden on
Correction: the current aolserver tarball from aD was 3.3.1+ad13, so it already had the fix for this exploit in it.  My aolserver RPMs used this as their base, not AOlserver 3.3 + ad13.

So it seems that the 3.3.1 + ad13 combination is what aD themselves recommend.  It works for me.