Support » Requests and Feedback » Security fixes in b2evolution (a b2 fork)

  • Resolved Anonymous

    Francois Planque announced a maintenance release of b2evolution (a b2 fork) and mentioned a couple of vulnerabilities and that they could affect other forks of b2. Can the developers check this out at http://b2evolution.net?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Hi,
    I’ve looked at all the vulnerability fixes and they are all protecting against the legitimate content. E.g. your user profile data, post titles on the admin page etc. , rather than third party input e.g. comments.
    Further, these fixes use a piece of functionality which has been removed from WP (because it didn’t actually do anything!)
    So, unless you have registered users you cannot trust you are unlikely to need these fixes.
    When I’ve examined them some more I may add them to the WP code. But given my understanding of the changes, I don’t see this as a high priorityat the moment.
    I’m happy to be corrected.
    Mike

    Moderator Matt Mullenweg

    (@matt)

    Troublemaker

    Yes, it doesn’t look like anything to get excited about.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Security fixes in b2evolution (a b2 fork)’ is closed to new replies.