Re: Security Breached in XOOPS 2.2Is there any danger for 2.013?
Re: Security Breached in XOOPS 2.2Wow that's fast, the fix I mean. If only MS would be this fast in fixing exploits 
Nice job.
Re: Security Breached in XOOPS 2.2The exploit was introduced in XOOPS 2.2 and does not in any way affect 2.0.13 installations.
Apply the hotfix now to any 2.2 installations - be it 2.2 RC, 2.2 RC2 or 2.2 stable. ASAP!
Re: Security Breached in XOOPS 2.2Ouch, that explains alot.
Re: Security Breached in XOOPS 2.2Thanks for the super fast fix Mith
Enjoy your hols! 
Re: Security Hole in XOOPS 2.2 - hotfix availableWill the hotfix be included into the final-package...? or may I have to download it separately?
Greetings,
Wolle
Re: Security Hole in XOOPS 2.2 - hotfix availableExpect a new release shortly - as mentioned elsewhere, I'm almost gone on vacation now, so I only had time for the hotfix.
For now, get the full package and then the hotfix, if you are installing XOOPS 2.2 from scratch.
Re: Security Hole in XOOPS 2.2 - hotfix availableOk ... upgraded succesfull ... but I still have a problem with REFERER_BLOCK
Always when I login, it directs me to that page ... even if I did't change my firewal settings ... and before upgrade everything was working fine ...
Now it redirects me to that page and says I can't post normally ... but I can post normally...
Re: Security Hole in XOOPS 2.2 - hotfix availableSlovenian language pack updated!
Slovenian language pack (UPDATED) Download
Re: Security Breached in XOOPS 2.2I had an attack on my 2.013 database a few days before the XOOPS site went down. Just coincidence, I hope. There's no evidence it was XOOPS related.
Re: Security Breached in XOOPS 2.2Unrelated to this fix but important for folks that run their own server, besides xml_rpc fixes needed for some modules you should update your local Pear as mentioned on http://www.php.net
Update your pear xml_rpc::
Quote:
[01-Jul-2005] An easily exploitable security issue was discovered in PEAR XML_RPC <= 1.3.0. We recommend that users of this PEAR class immediately upgrade to the latest version with:
pear upgrade XML_RPC
The same security problem exists in many other XML RPC implementations, please check if the installed applications that you use might have a similar problem.
Re: Security Hole in XOOPS 2.2 - hotfix availableAnother two issues:
1. When I click on a user profile I can't see the button to send private message.
2. I can't find User Settings where you can set if users can register, set their own avatar ...
Re: Security Hole in XOOPS 2.2 - hotfix availableThanks..
Xoops... forever...
Re: Security Hole in XOOPS 2.2 - hotfix availableThanks :)
Re: Security Hole in XOOPS 2.2 - hotfix availableproblem fixed
Re: Security Hole in XOOPS 2.2 - hotfix availableproblem fixed
Re: Security Hole in XOOPS 2.2 - hotfix availableMith,
I know a ton of things have gone on but you should really make revision change on this release so it's clear whether or not they have the patch.
Re: Security Hole in XOOPS 2.2 - hotfix availableHi guys, first let me say that I truly understand, I was using a portal version of phpBB and was hacked, lost years of members, posts, images etc etc this is why I change to xoops.
Ok, I am using version 2.0.9.2 , So, o I need the hotfix?
sorry if this has been answere but, I read it was ver 2.2? oes that include 2.x.x.2's???
Re: Security Hole in XOOPS 2.2 - hotfix availableNo, you don't need the hotfix if you are using version 2.0.9.2.
It is only for the newly released XOOPS 2.2
Re: Security Hole in XOOPS 2.2 - hotfix availableFor the new PM module, how do we know if we received new private message from users? The link to inbox is also gone from the "User Menu", and I tried searching for blocks from PM Module to no avail. Can anyone point me to the right direction?
Re: Security Hole in XOOPS 2.2 - hotfix availablethe PM module is exactly my problem, cause you never know if you have a PM, i get alot of PM's but never know it until i decide to click on the link for it
Re: Security Hole in XOOPS 2.2 - hotfix availableYou can make a message that you have a new PM in your theme.
Check here!
Find the code and use it in your theme.
Re: Security Hole in XOOPS 2.2 - hotfix availableI already tried the code in custom block, but it doesn't work. The code can also be found here. Any other option?
Re: Security Hole in XOOPS 2.2 - hotfix availableHello,
I have a question:
How can I enable built-in WYSIWYG (koivi) editor on XOOPS 2.2?
Thanks
Re: Security Hole in XOOPS 2.2 - hotfix availabledo you guys suggest that we update from .13 to 2.2? if so and i havent downloaded the 2.2 yet does it need the fix? or is the zip available already fixed?
Re: Security Hole in XOOPS 2.2 - hotfix availableI have downloaded the XOOPS 2.2 Hotfix and there is no documentation how to fix it, where should I placed those error.php, modules and class folder? Can anyone help me with this?
Re: Security Hole in XOOPS 2.2 - hotfix availableQuote from the news item:
Quote:
Upload the contents to your webserver, overwriting the existing files.
Re: Security Hole in XOOPS 2.2 - hotfix availableHi
will this hotfix affects nonxoops modules or files. Yesterday when I run our site after applying the patch, it denied permssion for the nonxoops modules(Custom made files and folders).
Do you think it was because of the hotfix or any other operations that we have done.
Easo Thomas
Re: Security Hole in XOOPS 2.2 - hotfix availableThe hotfix consists of only three updated files:
class\database\mysqldatabase.php
modules\system\language\english\error.php
error.php
I don't see how this could affect non-XOOPS stuff, unless you copied these files to the wrong place and overwrote non-XOOPS files.
Re: Security Hole in XOOPS 2.2 - hotfix availableDoes the current 2.2 download reflect these updates or does it still need to be patched?
(Given no change in version number as mentioned by silvrhand and no answer to question from cplus.)
Re: Security Hole in XOOPS 2.2 - hotfix available[size=xx-large]PLEASE DELETE THIS POST!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!![/size]
Re: Security Hole in XOOPS 2.2 - hotfix availableyes, I can confirm this, the 2.2 download has not been hotfixed (is that a word?).
We're in the process of making a patch with more bugfixes, which we will release soon.
Herko
Re: Security Hole in XOOPS 2.2 - hotfix availableI'm using the Invision Board which required alterations in the core files - will the hotfix disable the board??
Re: Security Hole in XOOPS 2.2 - hotfix availableThis update is only for the 2.2 version of XOOPS. I was not aware that an IPB module was available for XOOPS 2.2 yet.
Re: Security Hole in XOOPS 2.2 - hotfix availableSorry my bad... I'm still on 2.0.10 because of the problems upgrading the core.
| Stats | |
| Goal: | $100.00 |
| Due Date: | Nov 30 |
| Gross Amount: | $0.00 |
| Net Balance: | $0.00 |
| Left to go: | $100.00 |
 |
|
