XOOPS: XOOPS 2.0.10 RC Released

Posted by: Mithrandiron 2005/4/3 9:44:37 20141 reads
We are happy to announce the release of XOOPS 2.0.10 RC

XOOPS version 2.0.10 RC is a security-improving release that lessens the use of fopen with URLs and brings a completely new tool for securing modules against CSRF attacks: The XoopsSecurity class.

Upgrade from, or a 2.0.10 beta by uploading all files in the RC patch and update the system module through modules administration.

This release contains files for the core-included versions of News and Newbb (1.1 and 1, respectively). If you use Newbb 2 and/or News 1.2 or later, you should not upload the files in modules/news and modules/newbb as they will mess up these modules.

Xoops 2.0.10 RC Full (.tar.gz)
Xoops 2.0.10 RC Full (.zip)
Xoops to 2.0.10 RC Patch (.tar.gz)
Xoops to 2.0.10 RC Patch (.zip)

The new class for handling security handles some routines including checking the HTTP REFERER and global variable contamination by request parameters.

It also introduces a token system for securing forms against CSRF attacks, explained in more detail in the followig pages.