The XOOPS Development Team is pleased to announce the release of a security patch for XOOPS 22.214.171.124 Final.
This patch for XOOPS 126.96.36.199 corrects multiple issues.
We would like to specifically thank Tim Coen of (Curesec GmbH), who notified us about these issues.
All XOOPS 2.5.7 users are advised to apply this patch as soon as possible.
It is also recommended that all XOOPS administrators practice defense in depth, including: - have the Protector module installed active - stay current with all patches - be cautious with administative account use (only when needed, no autologin) - caution in clicking links in messages and other untrusted sources