We are happy to announce the release of XOOPS 2.0.10 RC
XOOPS version 2.0.10 RC is a security-improving release that lessens the use of fopen with URLs and brings a completely new tool for securing modules against CSRF attacks: The XoopsSecurity class.
Upgrade from 2.0.9.2, 2.0.9.3 or a 2.0.10 beta by uploading all files in the 2.0.9.2-2.0.10 RC patch and update the system module through modules administration.
This release contains files for the core-included versions of News and Newbb (1.1 and 1, respectively). If you use Newbb 2 and/or News 1.2 or later, you should not upload the files in modules/news and modules/newbb as they will mess up these modules.
==== XoopsSecurity ==== The new class for handling security handles some routines including checking the HTTP REFERER and global variable contamination by request parameters.
It also introduces a token system for securing forms against CSRF attacks, explained in more detail in the followig pages.