XOOPS: XOOPS 2.0.10 BETA Released

Posted by: Mithrandiron 2005/3/26 15:39:57 15897 reads The XOOPS Core Development Team brings you a beta version of the next step in XOOPS Development.

XOOPS version 2.0.10 beta is a security-improving release that lessens the use of fopen with URLs and brings a completely new tool for securing modules against CSRF attacks: The XoopsSecurity class.

This is just a beta for now, since the token system still needs some testing, but provided we get enough positive feedback, a final 2.0.10 release should be released within 1-2 weeks.

This release contains files for the core-included versions of News and Newbb (1.1 and 1, respectively). If you use Newbb 2 and/or News 1.2 or later, you should not upload the files in modules/news and modules/newbb as they will mess up these modules.

Xoops 2.0.10 Beta Full (.tar.gz)
Xoops 2.0.10 Beta Full (.zip)
Xoops 2.0.9.3 to 2.0.10 Beta Patch (.tar.gz)
Xoops 2.0.9.3 to 2.0.10 Beta Patch (.zip)

====
XoopsSecurity
====
The new class for handling security handles some routines including checking the HTTP REFERER and global variable contamination by request parameters.

It also introduces a token system for securing forms against CSRF attacks.