XOOPS: About XOOPS 2.5 Releases and Security Issues

Posted by: phppp on 2011/4/12 20:10:00, 8143 reads
As you know, the XOOPS 2.5 series focuses on usability improvements built on the XOOPS 2.3 and 2.4 releases.
In the 2.5 releases the system module has been updated with some very good experimental improvements. Unavoidably, backward and forward compatibility issues and security weaknesses have been introduced, and the development team is continuously working on them.

Module developers are encouraged to check out the new features and improvements in 2.5, but are advised to be careful about implementing new APIs and functionality in their modules because of potential compatibility concerns, such as the admin menus and the mainfile/secure.php change.

Updated: to avoid compatibility issues, if your modules work okay with 2.5, keep them as they are and don't implement the 2.5-only features in a hurry. More details will be coming.

Security has always been at the top of the development team's priority list. Security weaknesses in XOOPS 2.5 are being fixed and you should not worry about them.
One thing needs particular mention, though: LFI (local file inclusion) vulnerabilities have been reported for XOOPS 2.5.0 since April 5th, and the reports were confirmed invalid after a thorough investigation by the development team. We will continue to improve XOOPS security in the next release.

Two bugs have been reported in module admin and custom block admin. Thanks to tatane, mr-reda04_fr, aitor, and others; the bugs have been fixed in SVN and you can download the files directly from the SourceForge repository.

You might want to check for frequent development updates by following us on Twitter.
We look forward to your feedback to help make XOOPS 2.5 secure and reliable.