Haberler / Duyurular / Security update for Genoa

Security update for Genoa

This page is not translated yet. Showing original version of page. You can sign up and help with translating.
An important security bug has been detected in Cotonti 0.6.x that might affect some sites with magic_quotes_gpc=Off. That's why today we have released 0.6.9 which fixes this bug and also improves our security and authentication mechanisms as requested by the community. Here are the changes:
  • An important security fix and improvements for the rc.php static resource compressor
  • Authentication security and stability improvement backported from Siena
  • Anti-XSS improvement backported from Siena
  • Authentication support for multi-domain sites (with "remember me")

This update is strongly recommended, download it now. Note: right after the update all users will have to relogin into the site.

If you wonder about Siena, it is still under heavy development.
1. tensh  2010-07-16 20:25
Thanked:
12 kez
What does it mean:
Trustmaster:
"right after the update all users will have to relogin into the site."

Does it mean that if they do it later, they won't be able to log in?
2. Trustmaster  2010-07-16 21:05
Thanked:
265 kez
No it doesn't mean anything of that kind. It only means that their current session will be cancelled.
3. Oughtem  2010-07-20 03:47
Thanked:
6 kez
На русском бы...
4. Trustmaster  2010-07-20 22:09
Thanked:
265 kez
Russian version of the news post
5. donP  2010-07-22 22:34
I've opened a new tiket, cause the header.php change has a defect...
look here: http://trac.cotonti.com/ticket/505
6. Trustmaster  2010-07-23 16:50
Thanked:
265 kez
Fixed in r1256, the download has been repackaged.