Cotonti / Open Source PHP Content Management Framework

Security update for Genoa

0.6.9 comes with security improvements

An important security bug has been detected in Cotonti 0.6.x that might affect some sites with magic_quotes_gpc=Off. That is why we have released 0.6.9 today, which fixes this bug and also improves our security and authentication mechanisms, as requested by the community. Here are the changes:
  • An important security fix and improvements for the rc.php static resource compressor
  • Authentication security and stability improvement backported from Siena
  • Anti-XSS improvement backported from Siena
  • Authentication support for multi-domain sites (with "remember me")

This update is strongly recommended; download it now. Note: right after the update all users will have to relogin into the site.

If you wonder about Siena, it is still under heavy development.


1. tensh  2010-07-16 20:25

Thanks: 0

What does it mean:
Trustmaster:
"right after the update all users will have to relogin into the site."

Does it mean that if they do it later, they won't be able to log in?
2. Trustmaster  2010-07-16 21:05

Thanks: 0

No, it doesn't mean anything of that kind. It only means that their current session will be cancelled.
3. Oughtem  2010-07-20 03:47

Thanks: 0

In Russian would be nice...
4. Trustmaster  2010-07-20 22:09

Thanks: 0

Russian version of the news post
5. donP  2010-07-22 22:34

Thanks: 0

I've opened a new ticket, cause the header.php change has a defect...
look here: http://trac.cotonti.com/ticket/505
6. Trustmaster  2010-07-23 16:50

Thanks: 0

Fixed in r1256, the download has been repackaged.
