XOOPS: XOOPS 2.5.7.1 Security Patch Released

Posted by: MambaOn 2014/11/25 5:20:00 19517 reads
The XOOPS Development Team is pleased to announce the release of a security patch for XOOPS 2.5.7 Final.

This patch for XOOPS 2.5.7 corrects the following issues:

- CSRF and XSS issues reported by Dingjie 'Daniel' Yang of Web Security Lens
- XSS and best practice issues reported by Narendra Bhati

We would like to specifically thank our friends Dingjie 'Daniel' Yang of Web Security Lens and Narendra Bhati, who notified us about these issues, and to Richard (aka Geekwright), our Core Team Leader, who provided the fixes.

All XOOPS 2.5.7 users are advised to apply this patch as soon as possible.

Download: You can download the patch from XOOPS File Repository on SourceForge

Any users that are running an older XOOPS version are advised to update to XOOPS 2.5.7.1 now, which includes the patch.

Resized Image

You can find more information about the original XOOPS 2.5.7 release in this article