Written by willebil
Tuesday, 05 February 2008
Security announcement
After releasing Joomla! 1.5 stable we have discovered a high priority security issue. The vulnerability has been discovered in XML-RPC in combination with the Blogger API. There is a security problem in this code that makes it possible to alter the articles on your site (including removal). This problem has now been fixed by members of the development team and the Joomla! bug squad, and the solution is available from Subversion. So what do you need to do until we release Joomla! 1.5.1?
All Joomla! users who have enabled the XML-RPC Blogger API plugin should disable it!
If you have never enabled this plugin you do not need to do anything.
Progress toward 1.5.1
Besides this security fix, we have been working on fixing other issues that were found after we released Joomla! 1.5. Let's share the 1.5.1 highlights thus far:
- Fixed XML-RPC/Blogger security issue.
- Fix to SEF issues, including creation of an optional livesite parameter if needed, which will also allow reverse proxy.
- Change to mass mail so that blind carbon copy is used, protecting the email addresses of your users.
- Fix to date function that was causing an error in the end publication date for some systems.
- Fixed UTF-8 database detection.
- Addressed a number of internationalization issues.
- Fixes to a number of minor issues.
More help?
Thanks to all who have contributed issue reports, comments, suggestions and patches, and to those who have tested proposed patches. You can help by following the tracker. In particular, you can help by:
- confirming or disconfirming open issues,
- proposing solutions (preferably with a patch file) for confirmed issues,
- testing patches associated with pending issues.
And of course you can join the Joomla! bug squad if you want to help out on a regular basis.