An important security bug has been detected in Cotonti 0.6.x that might affect some sites with magic_quotes_gpc=Off. That's why today we have released 0.6.9 which fixes this bug and also improves our security and authentication mechanisms as requested by the community. Here are the changes:
- An important security fix and improvements for the rc.php static resource compressor
- Authentication security and stability improvement backported from Siena
- Anti-XSS improvement backported from Siena
- Authentication support for multi-domain sites (with "remember me")
This update is strongly recommended, download it now
. Note: right after the update all users will have to relogin into the site.
If you wonder about Siena, it is still under heavy development.