XOOPS: XOOPS 2.0.10 RC Released

Posted by: Mithrandiron 2005/4/3 9:44:37 18002 reads We are happy to announce the release of XOOPS 2.0.10 RC

XOOPS version 2.0.10 RC is a security-improving release that lessens the use of fopen with URLs and brings a completely new tool for securing modules against CSRF attacks: The XoopsSecurity class.

Upgrade from 2.0.9.2, 2.0.9.3 or a 2.0.10 beta by uploading all files in the 2.0.9.2-2.0.10 RC patch and update the system module through modules administration.

This release contains files for the core-included versions of News and Newbb (1.1 and 1, respectively). If you use Newbb 2 and/or News 1.2 or later, you should not upload the files in modules/news and modules/newbb as they will mess up these modules.

Xoops 2.0.10 RC Full (.tar.gz)
Xoops 2.0.10 RC Full (.zip)
Xoops 2.0.9.2/2.0.9.3 to 2.0.10 RC Patch (.tar.gz)
Xoops 2.0.9.2/2.0.9.3 to 2.0.10 RC Patch (.zip)


====
XoopsSecurity
====
The new class for handling security handles some routines including checking the HTTP REFERER and global variable contamination by request parameters.

It also introduces a token system for securing forms against CSRF attacks, explained in more detail in the followig pages.