[PLUG-Devel] Security Audit of Joomla!
Brian Cluff
brian at snaptek.com
Mon Sep 11 23:10:05 MST 2006
Alan Dayley wrote:
> Why is it out of our control? If we did an audit, based on a known tag
> or version of the source, within the submission guidelines of the
> project, I'd think we have much control to see our fixes into Joomla! or
> any other FS project.
>
> Perhaps that is not as true as I think but I still like the idea of this
> project, if someone were to take it on.
Sorry, I was talking about admining the machine. I believe that you had
told us in the past that you didn't have direct control over the actual OS.
FYI here's what the joomla website says about the new version (sounds
like a fairly major fix to me):
Monday 28th August 2006 24:00 UTC [the article was posted on the 29th]
All existing Joomla! users MUST UPGRADE to this version, due to several
High Level vulnerabilities that affect ALL Previous versions of Joomla!
1.0.11 contains the following critical security fixes:
* 04 High Level Security Fixes
* 04 Medium Level Security Fixes
* 18 Low Level security
* 25 General bug fixes
I just had to upgrade about 2 dozen servers... I just have a huge amount
of love for shell scripts. If it wasn't for them, it would have taken
me forever to upgrade them and then do the security tweaks that the new
version was asking for.
Brian