B6308: Crash on long filenames and browser security issue
All versions of SwiftView will crash on very long document
filenames. This creates an exploit vulnerability. For an
overview, please read the eLynx security bulletin
or Security issue FAQ
B6309: Obsolete existing ActiveX controls due to security vulnerability.
All prior versions of the SwiftView ActiveX control contain a
potentially exploitable security vulnerability (see B#6308).
Because of this, once 8.3.5 is installed, older versions of the
ActiveX control will not be allowed to run in IE. To roll back to
a prior version, you must first uninstall 8.3.5.
8.3.5 has a new Class ID (7DD62E55-5FA8-11D2-AFB7-00104B64F127).
The installer/ActiveX registration (regsvr32 svocx.ocx) adds the
"KillBit" and "AlternateCLSID" registry entries for the old Class
ID; the uninstaller removes them. This action maps the old Class
ID to the new one, so that no change is required to HTML OBJECT
CLASSID tags. Future web page development should use the new
CLASSID.
However, we have observed that the control will not immediately
start in Internet Explorer for an OBJECT with the old CLASSID
after installation, so the page has to be revisited in a new IE
window. Because of this, a special ZHP-only installer
"svinstall_zhp_ss" is available for the 8.3.5 release only, that
installs an extra copy of the activeX control as
"svocx126.ocx". registered under the old CLASSID. This installer
is used in the SwiftSend and WPS services. See F6319.
The new control+ClassID will not be executed by VB applications
built with prior version's ClassID. (This became an issue in
version 8.2.1, for a different reason, see B#6280.) VB
applications must be recompiled to use v8.3.5 or later. The
easiest way to recompile is to reimport the new control version
into the VB project and edit the project .frm and .vbp files to
change the classid to the new one:
< Object={7DD62E55-5FA8-11D2-AFB7-00104B64F126}#1.0#0; svocx.ocx
---
> Object={7DD62E55-5FA8-11D2-AFB7-00104B64F127}#1.0#0; svocx.ocx
Note that there is no significant security vulnerability created
by running the ActiveX control in a VB application, but having the
vunerable control installed and available for execution in IE is a
risk.
SwiftReprint's SwiftMarkup v2.7.2 has been updated to match this release.
KillBit reference: http://support.microsoft.com/kb/240797
B6303: bogus error message when direct printing only specified page sizes.
Displays "Could not output print data", but the print is successful.
B6305: zip file password entry problems.
Unix interactive password entry is totally broken after 8.2.1.
B6307: tiff, cals, jpeg file paths limited to 255 characters.
We now can handle up to our usual 1024 character path length when
reading these file types.
B6316: pdf encryptor utility fails with spaces in password.
A password like "foo bar" won't work.
B6315: Plugin web license not read for ICS document files.
If reading an ICS document file, the web license for an ldoc http:
in the ICS file is not being checked. No license error is
reported, and the web license features are ineffective.
(Broken in 8.2, fixed in 8.3.5.1)
B6318: Installer not checking for and reporting locked svocx.ocx.
The code didn't perform the right checks, so always fell back to
asking for a reboot. Now the user gets a chance to exit IE and
continue the install.
(8.3.5.1)
B6322: LAN installs fail copying plugin to Mozilla family.
If you do a LAN-based install and have Mozilla or Firefox, you get
the following error:
"Error copying plugin dll to plugins\c:\Program Files\mozilla.org\Mozilla\\npsview.dll, giving up on"
and the plugin is not installed.
(8.3.5.1)
B6334: Slow ICS+http: (e.g. SwiftSend) access to large files
Tiff files of any size, or PCL files greater than the ICS "set
cachesize" value (default 1.3mb, 2mb on SwiftSend), page and print
slowly due to repeated downloads.
On SwiftSend, this can lead to strange "bad file" errors
(Broken in 8.2.1, fixed in 8.3.5.2)