XOOPS: XOOPS 2.0.10 RC ReleasedPosted by: Mithrandiron 2005/4/3 9:44:37 18002 reads We are happy to announce the release of XOOPS 2.0.10 RC
XOOPS version 2.0.10 RC is a security-improving release that lessens the use of fopen with URLs and brings a completely new tool for securing modules against CSRF attacks: The XoopsSecurity class.
Upgrade from 220.127.116.11, 18.104.22.168 or a 2.0.10 beta by uploading all files in the 22.214.171.124-2.0.10 RC patch and update the system module through modules administration.
This release contains files for the core-included versions of News and Newbb (1.1 and 1, respectively). If you use Newbb 2 and/or News 1.2 or later, you should not upload the files in modules/news and modules/newbb as they will mess up these modules.
Xoops 2.0.10 RC Full (.tar.gz)
Xoops 2.0.10 RC Full (.zip)
Xoops 126.96.36.199/188.8.131.52 to 2.0.10 RC Patch (.tar.gz)
Xoops 184.108.40.206/220.127.116.11 to 2.0.10 RC Patch (.zip)
The new class for handling security handles some routines including checking the HTTP REFERER and global variable contamination by request parameters.
It also introduces a token system for securing forms against CSRF attacks, explained in more detail in the followig pages.