Archive

Archive for the ‘News’ Category

Mambo 4.6 Public Beta

March 8th, 2006 No comments

[Mambo]

Team Mambo has released the Public Beta for version 4.6, the newest version of the Award-winning Mambo Open Source Content Management System. The beta release is provided in advance of the final release to encourage community feedback and to help third party developers understand better the changes which are being implemented in the system.

Note that the Beta is not intended for production websites, it is only released for feedback and testing purposes. For details, please refer to the full release announcement.

Categories: News

Geeklog 1.4.0sr2 and 1.3.11sr5

March 5th, 2006 No comments

[Geeklog]

Unfortunately, yet another Geeklog security issue has surfaced: Konstantin Dyakoff found an old bug in the session handling that would allow anyone to log in as any user. This bug exists in all Geeklog versions released since 2002.

To address this serious issue, we are releasing the 1.4.0sr2 and 1.3.11sr5 security updates and strongly suggest that you upgrade your site as soon as possible.

For details and upgrading instructions, please refer to the full release announcement.

Categories: News

Joomla! 1.0.8 released

February 26th, 2006 No comments

[Joomla!]

Joomla! 1.0.8 is now available for download. “We highly recommend that you upgrade to this version. 1.0.8 contains 37 security fixes, 70+ general bug fixes and several performance enhancements.

Shortly after the public release of Joomla! 1.0.7, a public discussion on the Joomla! forums reported that Poll data was visible or accessible despite being Unpublished – it was also mentioned that other unpublished core data may also be visible.

To properly investigate the matter and to ensure there weren’t other similar vulnerabilities within the Joomla! core code base a Security Audit was instituted.

The results of this audit make up a large bulk (30+) of the security fixes contained in 1.0.8.

You can find details, upgrading instructions, and the mentioned Security Audit in the release announcement.

Categories: News

MDPro 1.0.76 released

February 21st, 2006 No comments

[MDPro]

MDPro 1.0.76 is ready and available for download. “As we have said previously, we have stopped development of the 1.0.7x branch. All efforts of the MAXdev staff are now directed to MDLite, which will be the first MD with a light core and MD 1.1, with a completely new core.
We have decided to release a maintenance update with all security fixes included, including a fix for a recently discovered security exploitation.

For details and upgrading instructions, please look at the release announcement. MAXdev recommends all admins upgrade their websites ASAP.

Categories: News

Geeklog 1.4.0sr1 and 1.3.11sr4

February 19th, 2006 No comments

[Geeklog]

James Bercegay of GulfTech Security Research reported several issues with Geeklog’s cookie handling that made it vulnerable to SQL injections, arbitrary file access, and even injection and execution of arbitrary code. To fix those issues, we are releasing Geeklog 1.4.0sr1 and 1.3.11sr4 and strongly suggest that you install those updates as soon as possible.

For full details and upgrading instructions, please read the release announcement.

Categories: News

PostNuke .762 released

February 17th, 2006 No comments

[PostNuke]

The PostNuke development team is pleased to announce the release of PostNuke .762. “This release addresses a number of issues found since the release of .761, and also introduces new security enhancements.

PostNuke .762 has been audited by Maksymilian Arciemowicz of www.securityreason.com for security vulnerabilities, and as a result a great deal of work on security has gone into this release. The PostNuke team thanks Maksymilian for his work, and we hope this will improve PostNuke’s existing strong security record. Further audits will be carried out on the PostNuke .8 codebase prior to release.

As a result of the security enhancements in .762, it is advised that all site administrators update their sites immediately to ensure they stay secure.

For additional details please refer to the PostNuke .762 release announcement.

Categories: News

Geeklog 1.4.0

February 5th, 2006 No comments

[Geeklog]

After almost one year in development, a public beta and two release candidates, today Geeklog 1.4.0 has been released. This “is one of the biggest updates in Geeklog’s history and introduces many new features and changes. Among them:

* Geeklog now works with register_globals = off.
* Ships with FCKeditor (WYSIWYG editor).
* Supports Trackback, Pingback, and pinging weblog directories.
* New syndication framework that can both read and write feeds in RSS (0.9x and 2.0), RDF, and Atom (0.3 and 1.0 formats.

For additional information, please read the full Geeklog release announcement.

Categories: News