GOZERBOT 0.9 RELEASED

February 6, 2009

Finally, gozerbot 0.9 has been released. This is a huge step forward to version 1.0 and contains a number of changes:

  • use json as the format to save data in instead of pickles
  • let config files also use json, this makes them more readable and human editable
  • remove popen usage from the bot core
  • remove execfile() calls from the bot core
  • rewrite the gozerbot package into several subpackages
  • use sqlalchemy to provide database backend (sqlite3 is default)
  • require python2.5
  • move most of the plugins into their own package
  • restructure the gozerdata layout so it's more readable

All these changes make upgrading from older versions of gozerbot necessary, so a gozerbot-upgrade program is provided (upgrading from 0.7 is not supported yet, will follow soon).

See http://gozerbot.org on how to install gozerbot 0.9


shell injection bug found in the ping.py plugin

February 5, 2009

last week a shell injection bug was found in the ping.py plugin. this plugin is not part of the basic gozerbot distribution but can be installed from a remote plugin server with the !install-plug command. this plugin is also provided with the following gozerplug distributions:

  • gozerplugs-BETA1.tar.gz
  • gozerplugs-BETA2.tar.gz
  • gozerplugs-BETA3.tar.gz

all gozerbot maintainers are asked to remove the ping.py plugin from the myplugs (0.8) or gozerplugs (0.9) directory and restart the bot.

because this is a serious bug the gozerbot core is rewritten to remove usage of popen as much as possible and to not let users trigger popen calls remotely. therefore the install plugin and upgrade plugins have been removed from core and a separate program gozerbot-install has been made to allow bot maintainers to install remote plugins while not exposing the installation of plugins to bot users.

this is all done in the new 0.9 release of gozerbot which i will announce soon.

Bart
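The class of bug described in the ping.py post above, as an added example that is not gozerbot's code (the page does not show the plugin source): user text concatenated into a string that a shell interprets, beside an allowlisted argument passed as an argument list with no shell. It is written for current Python 3 on a POSIX system; the function names, the host pattern, the constructed sample input and the use of `echo` as an offline stand-in for `ping` are all assumptions.

```python
import re
import subprocess

# Constructed sample of hostile chat input; "echo" stands in for "ping" so the
# demonstration runs offline and has no side effects.
SAMPLE_INPUT = "example.org; echo INJECTED"
STAND_IN = ["echo", "pinging"]

# Hostname or IPv4 literal only; a leading "-" is refused so the value can
# never be parsed as a command-line option.
HOST_RE = re.compile(r"(?!-)[A-Za-z0-9.-]{1,253}")


def run_via_shell(argv_prefix, host):
    """Vulnerable pattern: one string handed to /bin/sh, as os.popen() does."""
    cmdline = " ".join(argv_prefix) + " " + host
    done = subprocess.run(cmdline, shell=True, capture_output=True, text=True)
    return done.stdout.splitlines()


def run_via_argv(argv_prefix, host, validate=True):
    """Hardened pattern: allowlist the argument, then exec without a shell."""
    if validate and not HOST_RE.fullmatch(host):
        raise ValueError("rejected host argument: %r" % (host,))
    done = subprocess.run(list(argv_prefix) + [host], capture_output=True,
                          text=True, timeout=10)
    return done.stdout.splitlines()


if __name__ == "__main__":
    # The shell treats ";" as a command separator and runs two commands.
    print("shell string:", run_via_shell(STAND_IN, SAMPLE_INPUT))
    # Without a shell the whole input is a single literal argument.
    print("argv list   :", run_via_argv(STAND_IN, SAMPLE_INPUT, validate=False))
    # With validation the input never reaches a process at all.
    try:
        run_via_argv(STAND_IN, SAMPLE_INPUT)
    except ValueError as exc:
        print("validated   :", exc)
```

Validation and the argument list are independent layers: the list removes shell interpretation, and the allowlist keeps option-like or malformed values away from the program itself.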