slidePresenter

This is a security alert regarding slidePresenter-0.40-beta.

As released, slidePresenter-0.40-beta contains a security flaw in which certain server-executable .php files may be overwritten by an attacker having write-access to the web server. Although no known flaws in slidePresenter provide that access, I have no way of confirming the same is true of all other services running on your web server.

Therefore, all users of slidePresenter-0.40-beta are encouraged to discontinue its use and revert to the latest stable version (slidePresenter-0.33) until this vulnerability has been patched. To prevent further distribution of the vulnerable code, slidePresenter-0.40-beta has been removed from the download site at sourceforge.net; all other previously released versions are still available.

Subscribers to the slides-announce list will be notified when a patched version has been released.

A few moments ago I posted slidePresenter-0.40-beta to Sourceforge. Check out the demo and download it now for the latest slidePresenter features.

I’m really excited about this release, as it offers a great new feature to slide presenters: a virtual “laser pointer” for pointing out particular areas of a slide. Even better than a laser pointer, you can draw circles, squares, and straight lines (as well as the usual spot) in any of four colors. With this feature, I believe slidePresenter is moving up to become the full-featured slideshow broadcast software people need, while remaining lightweight, offering a simple installation for presenters, and requiring zero installation for viewers.

slidePresenter-0.40-beta also provides these features, as called for in the Project Roadmap:

• Thorough re-write of data management code (required for cursor indicaors feature, and database back-end option in version 0.60)
• “Slide x of y” display to indicate how far along the presentation is, in the View interface
• Degrade gracefully if Javascript is not enabled (essentially, explain to the user that Javascript is required, instead of just breaking without explanation)

What’s missing from this release — the reason it’s only released as “beta” — is the capability of upgrading existing presentation files from earlier versions. This feature will be added with the production relase of slidePresenter-0.40. Users who are subscribed to the slides-announce list will be updated as soon as the new version is released.