The XOOPS Development Team
is pleased to announce the release of a security patch for XOOPS 2.5.7 Final.
This patch for XOOPS 2.5.7 corrects the following issues:
- CSRF and XSS issues reported by Dingjie 'Daniel' Yang of Web Security Lens
- XSS and best practice issues reported by Narendra Bhati
We would like to specifically thank our friends Dingjie 'Daniel' Yang of Web Security Lens
and Narendra Bhati
, who notified us about these issues, and to Richard (aka Geekwright)
, our Core Team Leader, who provided the fixes. All XOOPS 2.5.7 users are advised to apply this patch as soon as possible. Download:
You can download the patch from XOOPS File Repository on SourceForge
Any users that are running an older XOOPS version are advised to update to XOOPS 220.127.116.11
now, which includes the patch.
You can find more information about the original XOOPS 2.5.7 release in this article