As per this announcement blatently stolen from slashdot, does the XOOPS API use the unserialize() function and is it vulnerable to this security hole in PHP?

I have recompiled PHP anyhow just to be safe, but just wondering if 90% of xoopsers who are hosted on shared hosting and cannot recompile themselves, if they are vulnerable to this.

And what measures other than upgrading php can be taken to secure XOOPS from this - assuming of course that it uses the unserialize() function at all.

Heno.

Yes it uses, and I'd guess it's vulnerable due to the kind of use it has. Damn it, PHP

I stopped apache, deleted the PHP folder, copied the new folder over and then copied the 2 .DLL's I needed to the system32 folder. Restarted apache. done in about 45 secs.

Really not that hard to update PHP.

Only real issue as was mentioned above is if you dont own/have admin rights then thats a issue sadly