Release Status

XOOPS 2.0.7 release pulled back

Herko  15-Jun-2004 06:26 4484 Reads  28
Some of you may have noticed that earlier today we released the new bugfix of the XOOPS 2.0 system: 2.0.7. We had to pull back that release due to the discovery of a very difficult but dangerous security bug in the system. The 2.0.7 release tries to fix this, but the fix itself breaks some XOOPS installs.
This security vulnerability is dangerous when the XOOPS install is on a shared hosting environment with php safe_mode off, and allows reading of mainfile.php content in shared hosting environments. This vulnerability is still present in XOOPS 2.0, but Skalpa has been up all night to fix this. The XOOPS Core Development Team will release a fixed version of 2.0.7 soon, including an updater for mainfile.php.

Also, I'd like to point out that this issue isn't unique to XOOPS, but to most PHP CMS's.

Rating 0/5
Rating: 0/5 (0 votes)
Votes are disable!
Print article


Login

Username:
Password:

Lost Password? Register now!

Who's Online

72 user(s) are online (3 user(s) are browsing Publisher)


Members: 0


Guests: 72


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Jun 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits

Categories