Community Builder 1.0.1 – Security Release

Community Builder 1.0.1 - Security ReleaseThe CB Core team has been working hard during the past 48 hours on a security release 1.0.1 of the CB suite following the discovery of a vulnerability present in 1.0 RC2 and 1.0 stable on weakly configured web-servers.

It has been decided to release it as a highly-recommended critical security and stability update.

Your site needs urgent update to CB 1.0.1 if ALL of these PHP settings are met:

  1. php register_globals set to ON
  2. allow_url_fopen is ON 
  3. no open base directory limitations set 
  4. php code directories have write permissions from web-server process

Everyone is urged to upgrade asap, a REAME file is included in the release as usual.

Sites with the settings above are in danger.

Update:
The security release 1.0.1 is now available as package on our project area on the forge and in the downloads area of Joomlapolis. If your hosting environment meets all 4 of the above prerequisites you must upgrade immediately! Either way all installations should be upgraded ASAP.

Leave a comment

All fields marked (*) are required