Headline
CVE-2018-25071: Release LMeve for ESI · roxlukas/lmeve
A vulnerability was found in roxlukas LMeve up to 0.1.58. It has been rated as critical. Affected by this issue is the function insert_log of the file wwwroot/ccpwgl/proxy.php. The manipulation of the argument fetch leads to sql injection. Upgrading to version 0.1.59-beta is able to address this issue. The name of the patch is c25ff7fe83a2cda1fcb365b182365adc3ffae332. It is recommended to upgrade the affected component. VDB-217610 is the identifier assigned to this vulnerability.
The following functions now work using data from ESI
- added Markets route
- pulls Jita prices from /markets//orders/ (default: Jita/The Forge)
- pulls game calculated average and adjusted prices for each typeID
- removed eve-central.com - all data comes solely from ESI now
- added Corporation Market Orders
- added Corporation Contracts and Contract Items
- Buyback feature works again
- Wallet Balance
- Wallet Journal
- Wallet Transactions
- added ‘KIT’ endpoint in LMeve Northbound API. Usage: api.php?key=&endpoint=KIT
- added XML format - use ‘output=xml’ and ‘output=json’ in URL to select format
- Assets
- Industry System Indices support added
- Killmail support added
- Adjusted killmail view ( killmails are now ESI verified 🙂 )
- Killboard is back up!
- Corp Blueprint support added
- ME/TE values are based on actual Corp Blueprints
Additional changes:
- fixed a bug in Universe route
- moved ESI settings to GUI
- added ability to use data from Sisi (support for ESI datasource)
- GUI tuning for Buyback feature (ESI has new contract states)
- Deprecated and disabled everything that mentions old XML API
- Bug fix in X-Pages support
- Twitter card meta tags for Killboard - links look nice when sharing killmails
- Added Item Price fetching/Buyback displaying/Stock tracking to Item Group view
- Added support for Decryptors