XOOPS: XOOPS 2.2.2 and 2.0.13.1 are released

Posted by: Mithrandiron 2005/8/15 21:30:00 18402 reads
We were recently made aware of a potential problem with certain XOOPS files disclosing physical server paths when accessed directly from a browser.

This problem exists in both XOOPS 2.0.13 (and previous versions) and XOOPS 2.2.x and we have therefore fixed this problem in the core files for new releases in both the 2.0.x and 2.2.x branches and recommend that all 2.0.13 (and previous versions) users update their installations to 2.0.13.1 and that all XOOPS 2.2 and 2.2.1 users update to version 2.2.2 at earliest convenience.

Please note that some module files are changed in 2.0.13.1 and if you use newer versions of these modules do not overwrite your existing module files with the files in this package

A similar problem can come from module files and we therefore encourage all module developers to look through their files meant to be included in other files and therefore disclosing physical server paths to place this code snippet at the top of the files in question:

Quote:

if (!defined("XOOPS_ROOT_PATH")) {
die("XOOPS root path not defined");
}


skalpa.>

Upgrade Instructions
Upload files inside the html folder from the appropriate upgrade patch to the webserver - that's it.

Download XOOPS 2.0.13.1:
XOOPS 2.0.13.1 full (stable)
Download

XOOPS 2.0.13 to 2.0.13.1 patch
Download

XOOPS 2.0.12a to 2.0.13.1 patch
.zip | tarball
XOOPS 2.0.10 to 2.0.13.1 patch (use this to update 2.0.10, 2.0.11 and 2.0.12)
.zip | tarball

Download XOOPS 2.2.2:
(Known stability and compatibility problems with some modules)

XOOPS 2.2.2 full (YMMV)
Download

XOOPS 2.2.1 to 2.2.2 patch
Download