[resolved] Security fixes in b2evolution (a b2 fork) (3 posts)

  1. Anonymous
    Posted 12 years ago #

    Francois Planque announced a maintenance release of b2evolution (a b2 fork) and mentioned a couple of vulnerabilities and that they could affect other forks of b2. Can the developers check this out at http://b2evolution.net?

  2. Mike Little
    Posted 12 years ago #

    I've looked at all the vulnerability fixes and they are all protecting against the legitimate content, e.g. your user profile data, post titles on the admin page, etc., rather than third-party input, e.g. comments.
    Further, these fixes use a piece of functionality which has been removed from WP (because it didn't actually do anything!).
    So, unless you have registered users you cannot trust you are unlikely to need these fixes.
    When I've examined them some more I may add them to the WP code. But given my understanding of the changes, I don't see this as a high priority at the moment.
    I'm happy to be corrected.

  3. Matt Mullenweg
    Posted 12 years ago #

    Yes, it doesn't look like anything to get excited about.
