XOOPS: XOOPS 2.0.10 Stable Released

Posted by: Mithrandiron 2005/4/23 17:16:00 24139 reads The XOOPS Core Development Team brings you the next step in XOOPS Development.

XOOPS version 2.0.10 is a security-improving release that lessens the use of fopen with URLs and brings a completely new tool for securing modules against CSRF attacks: The XoopsSecurity class (explained in the further pages)

This release contains files for the core-included versions of News and Newbb (1.1 and 1, respectively). If you use Newbb 2 and/or News 1.2 or later, you should not upload the files in modules/news and modules/newbb as they will mess up these modules.

This will also be the last release with "Core Modules" as you know them. News, Newbb, Mylinks and the rest will be replaced with module packages targeting different types of websites. However, the term "Core Module" will not disappear totally, but shift definition from "Module included with the core package" to "Module managing the core". More information on this will be given along with the development of XOOPS 2.1.0

Xoops 2.0.10 Full (.tar.gz)
Xoops 2.0.10 Full (.zip)
Xoops 2.0.9.2 to 2.0.10 Patch (.tar.gz)
Xoops 2.0.9.2 to 2.0.10 Patch (.zip)

====
XoopsSecurity
====
The new class for handling security handles some routines including checking the HTTP REFERER and global variable contamination by request parameters.

It also introduces a token system for securing forms against CSRF attacks.