Release Status

XOOPS 2.0.7 release pulled back

Herko  15-Jun-2004 06:26
Some of you may have noticed that earlier today we released the new bugfix release of the XOOPS 2.0 system: 2.0.7. We had to pull that release back after discovering a very difficult but dangerous security bug in the system. The 2.0.7 release tries to fix this bug, but the fix itself breaks some XOOPS installs.
This security vulnerability is dangerous when XOOPS is installed in a shared hosting environment with PHP safe_mode off, where it allows the content of mainfile.php to be read. The vulnerability is still present in XOOPS 2.0, but Skalpa has been up all night working on a fix. The XOOPS Core Development Team will release a fixed version of 2.0.7 soon, including an updater for mainfile.php.

Also, I'd like to point out that this issue isn't unique to XOOPS, but applies to most PHP CMSs.
