Community Builder 1.0.1 – Security Release

Community Builder 1.0.1 - Security ReleaseThe CB Core team has been working hard during the past 48 hours on a security release 1.0.1 of the CB suite following the discovery of a vulnerability present in 1.0 RC2 and 1.0 stable on weakly configured web-servers.

It has been decided to release it as a highly-recommended critical security and stability update.

Your site needs urgent update to CB 1.0.1 if ALL of these PHP settings are met:

  1. php register_globals set to ON
  2. allow_url_fopen is ON 
  3. no open base directory limitations set 
  4. php code directories have write permissions from web-server process

Everyone is urged to upgrade asap, a REAME file is included in the release as usual.

Sites with the settings above are in danger.

The security release 1.0.1 is now available as package on our project area on the forge and in the downloads area of Joomlapolis. If your hosting environment meets all 4 of the above prerequisites you must upgrade immediately! Either way all installations should be upgraded ASAP.

Leave a comment

All fields marked (*) are required