October 3, 2002

PostNuke releases new Extended and Enhanced Security Fix

Harry Zink writes: "On the heels of the recently discovered Cross-Site Scripting vulnerability a new effort to better the previous solution emerged out of a collaboration with members of the Envolution team (a PostNuke(tm) fork), The PostNuke(tm) Project has released an even better fix that solves most common attacks and removes a flaw encountered in the Web_Links module."

We wish to extend our gratitude to Timax, WebMedic and of course LarsNeo which were the authors of this new patch.

"The friendly collaboration between our diverse groups that resulted in this fix truly demonstrates the spirit and results of successful open source projects - quick responsiveness, without silly 'competitive' concerns", comments Harry Zink, project manager of The PostNuke(tm) Project.

It is recommended you apply this immediately in order to safeguard against malicious individuals.

The current fix applies to PostNuke v0.7.21, and will be incorporated in the upcoming v0.7.22 release. In order to also provide code for previous versions of Postnuke(tm) an article with details with be posted shortly at www.PostNuke.com and dev.PostNuke.com.

You can download the current fix file with instructions at: http://developers.postnuke.com/phpBB2/viewtopic.ph p?p=178#178

The PostNuke(tm) Project is one of the most popular php-based CMS/Weblog projects with a thriving developer community, and dedication to its user community. Come join us!"

Link: http://developers.postnuke.com/

Click Here!