This is an important and urgent security advisory from CB Team: Upgrade all your Community Builder 1.0 and 1.1 installations to CB 1.2.1 as soon as possible.

We have received yesterday a private report from a Joomlapolitan about a critical vulnerability of CB 1.1, that we could now reproduce and confirm.

Community Builder 1.2 and 1.2.1 (as well as all CB 1.2 RC releases) are safe to our knowledge and NOT affected, as the corresponding CB 1.0/1.1 code has been entirely rewritten for CB 1.2.

CB 1.1 vulnerability is critical, highest level.

Our researches indicate that no exploit for this vulnerability is public, and that this vulnerability is not yet published on the Internet, but we might be wrong or it can happen anytime. So please, please, *urgently* upgrade now all your sites and forward this message to people using old CB releases! Thank you!

CB 1.1 has been released almost 2 years ago on August 9th 2007, without any discovered exploitable vulnerabilities and exploits during almost 2 years up to yesterday.

CB 1.2 stable has been released 27 January 2009, almost 6 months ago now, introduces many new levels of security, and is a very smooth upgrade to CB 1.1 and earlier (there is a README_UPGRADE.txt file in package), CB 1.2.1, released less than a month ago, fixes all reported issues of CB 1.2, so is really stable. CB development continues full steam ahead with an expanded team.

You can download CB 1.2.1 now by clicking this link and logging in on joomlapolis, then click the "download" button.

Here links to latest news from Joomlapolis.com :

TrackBack URI for this entry

Comments (0)

Name

Email

Comment

smaller | bigger

Add Comment