<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Powered By &#187; Security</title>
	<atom:link href="http://www.powered-by.org/tag/security/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.powered-by.org</link>
	<description>Content Management System News and Updates</description>
	<lastBuildDate>Wed, 22 Dec 2010 03:49:19 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
			<item>
		<title>phpBB2</title>
		<link>http://www.powered-by.org/phpbb2/</link>
		<comments>http://www.powered-by.org/phpbb2/#comments</comments>
		<pubDate>Sun, 19 Apr 2009 09:50:06 +0000</pubDate>
		<dc:creator>powered-by.org</dc:creator>
				<category><![CDATA[PhpBB]]></category>
		<category><![CDATA[Forum]]></category>
		<category><![CDATA[Microsoft]]></category>
		<category><![CDATA[Patch]]></category>
		<category><![CDATA[PHP]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[software]]></category>

		<guid isPermaLink="false">http://www.powered-by.org/cms/forum/phpbb/phpbb2/</guid>
		<description><![CDATA[phpBB2 was the predecessor of the present-day phpBB3. Developed during 2001-2002, the source code was written primarily to run on PHP 3.0 and 4.0 (version 2.0.13 upped the minimum requirement to PHP 4.0.3 due to a necessary security fix), and by the time that phpBB3 was released in late 2007, the developers and other team [...]]]></description>
			<content:encoded><![CDATA[<p>phpBB2 was the predecessor of the present-day phpBB3. Developed during 2001-2002, the source code was written primarily to run on PHP 3.0 and 4.0 (version 2.0.13 upped the minimum requirement to PHP 4.0.3 due to a necessary security fix), and by the time that phpBB3 was released in late 2007, the developers and other team members felt that it no longer met their quality coding standards, and announced plans for the retirement/end of support of 2.0.x within a few months of 3.0.0&#8217;s release. phpBB2 was never officially supported under PHP 5. Although many users had no problems running it after making a few changes to PHP 5&#8217;s default configuration settings, the teams chose not to offer support for this configuration.</p>
<p><span id="more-521"></span></p>
<p>Official support for phpBB2 ended on January 1, 2009, and the 2.0.x support forums have been locked. Furthermore all development for phpBB2, including security patches, has ceased as of February 1, 2009.[27] Other information pertaining to phpBB2 on the phpBB.com website will be removed over the coming months and phpBB2 will likely be fully phased out by the second half of 2009. However, a number of unofficial support sites for phpBB2 have formed to fill the void and will likely continue supporting phpBB2 indefinitely.</p>
<p>Many administrators still prefer to run phpBB2 because it provides a much simpler administration interface and has a thriving ecosystem of MODs (modifications) and styles that allow admins many options for customising the software to their liking. Others still run phpBB2 because they have installed many MODs, none of which can function in phpBB3.</p>
<p>The default theme in phpBB2 is named subSilver, and was designed by Tom &#8220;subBlue&#8221; Beddard. At the time that it premiered in 2001, it was a revolutionary new design for bulletin boards[citation needed], and many bulletin board themes since have borrowed many cues and design elements from subSilver.</p>
<p>Some of phpBB2&#8217;s major features included the following:</p>
<ul>
<li>A templated style system intended to allow easy customisation that keeps the PHP code separate from the HTML.</li>
<li>Support for internationalisation through a language pack system; 48 translations are available for phpBB2 as of 2007.</li>
<li>Compatibility with multiple database management systems including MySQL, PostgreSQL, Microsoft SQL Server, and Microsoft Access.</li>
<li>Easy customisations, including MODs and styles.</li>
</ul>
<p>The last official release of the 2.0.x line is 2.0.23, released on February 17, 2008. However, the code for phpBB 2.0.24 still remains, unreleased, in the SVN repository.</p>
<p>About PhpBB</p>
<p><a title="phpBB" href="http://www.powered-by.org/references/cms-index/phpbb/">phpBB</a> is a popular Internet forum package written in the PHP scripting language. The name &#8220;phpBB&#8221; is an abbreviation of PHP Bulletin Board. Available under the GNU General Public License, phpBB is free software. phpBB was started by James Atkinson as a simple UBB-like forum for his own website &#8230;</p>
]]></content:encoded>
			<wfw:commentRss>http://www.powered-by.org/phpbb2/feed/</wfw:commentRss>
		<slash:comments>5</slash:comments>
		</item>
		<item>
		<title>phpBB</title>
		<link>http://www.powered-by.org/phpbb/</link>
		<comments>http://www.powered-by.org/phpbb/#comments</comments>
		<pubDate>Sun, 19 Apr 2009 09:06:13 +0000</pubDate>
		<dc:creator>powered-by.org</dc:creator>
				<category><![CDATA[CMS Index]]></category>
		<category><![CDATA[Open Source Web CMS]]></category>
		<category><![CDATA[PhpBB]]></category>
		<category><![CDATA[Award]]></category>
		<category><![CDATA[beta]]></category>
		<category><![CDATA[Forum]]></category>
		<category><![CDATA[Free]]></category>
		<category><![CDATA[Internet]]></category>
		<category><![CDATA[PHP]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[software]]></category>
		<category><![CDATA[Web]]></category>

		<guid isPermaLink="false">http://www.powered-by.org/cms/forum/phpbb/phpbb/</guid>
		<description><![CDATA[phpBB is a popular Internet forum package written in the PHP scripting language. The name &#8220;phpBB&#8221; is an abbreviation of PHP Bulletin Board. Available under the GNU General Public License, phpBB is a free software. phpBB was started by James Atkinson as a simple UBB-like forum for his own website on June 17, 2000. Nathan [...]]]></description>
			<content:encoded><![CDATA[<p><img style="border-bottom: 0px; border-left: 0px; display: inline; margin-left: 0px; border-top: 0px; margin-right: 0px; border-right: 0px" title="phpbb_logo" src="http://www.powered-by.org/wp-content/uploads/2009/04/phpbb-logo.jpg" border="0" alt="phpbb_logo" width="150" height="150" align="right" /> phpBB is a popular Internet forum package written in the PHP scripting language. The name &#8220;phpBB&#8221; is an abbreviation of PHP Bulletin Board. Available under the GNU General Public License, phpBB is free software.</p>
<p>phpBB was started by James Atkinson as a simple UBB-like forum for his own website on June 17, 2000. Nathan Codding and John Abela joined the development team after phpBB&#8217;s CVS repository was moved to SourceForge.net, and work on 1.0.0 began. A fully functional, pre-release version of phpBB was made available in July.</p>
<p><span id="more-504"></span></p>
<p><img style="border-bottom: 0px; border-left: 0px; display: inline; margin-left: 0px; border-top: 0px; margin-right: 0px; border-right: 0px" title="phpBB_sample" src="http://www.powered-by.org/wp-content/uploads/2009/04/phpbb-sample.jpg" border="0" alt="phpBB_sample" width="320" height="332" align="right" /> phpBB 1.0.0 was released on December 9, 2000, with subsequent improvements to the 1.x codebase coming in two more major installments. The final release in the 1.x line was phpBB 1.4.4, released on November 6, 2001. During the lifetime of the 1.x series, Bart van Bragt, Paul S. Owen (former co-manager of the project), Jonathan Haase and Frank Feingold joined the team. phpBB 1.x is no longer supported and virtually no websites continue to use it.</p>
<p>In February 2001, phpBB 2.0.x began development entirely from scratch; the developer&#8217;s ambitions for phpBB had outgrown the original codebase. Doug Kelly joined the team shortly afterwards. After a year of development and extensive testing, phpBB 2.0.0, dubbed the &#8220;Super Furry&#8221; version, was released on April 4, 2002, three days later than intended.</p>
<p>Work on phpBB 3.0.x began in late 2002. It was originally intended to be released as phpBB 2.2, and the first planned feature list was announced on May 25, 2003.[4] However, as development progressed, the developers realised that phpBB 2.1.x (the development release cycle for 2.2) had eliminated virtually all compatibility with the 2.0.x line, so the version number for release was changed to 3.0.0, in keeping with the Linux kernel versioning scheme. In September 2005, Paul Owen resigned as the Development Team Leader and Meik Sievertsen was promoted to the role.</p>
<p>In March 2007, the phpBB teams had planned to undergo a short round of server maintenance; however, the server crashed during the outage, suffering a double-disk failure and causing phpBB.com to be down for the full week. (The phpBB teams indicated that phpBB, the software, was not the cause of the outage.) However, due to the unexpected outage, the teams decided to change their original plans and launch their brand new website, powered by phpBB3 and the new prosilver theme. This was a big surprise to most, as the theme had been a heavily guarded secret, never before seen by the public, and was originally not intended to be revealed until the final release of phpBB 3.0.0. Initial feedback was split, with many applauding the new theme and others criticising a number of new design decisions, particularly the decision to display the user info on the right side of the viewtopic page (phpBB2&#8217;s subSilver theme had displayed it on the left).</p>
<p>On April 30, 2007, phpBB founder and co-Project Manager James Atkinson officially resigned from his duties towards phpBB, citing personal circumstances. The announcement also stated that phpBB was now newly independent, and that the team leaders would be collectively taking charge of the decisions in the future of the project. At the end of May, an announcement was made that Jonathan &#8220;SHS`&#8221; Stanley, the other co-Project Manager, was stepping down as well for personal reasons.</p>
<p>On July 7, 2007, the teams announced that phpBB had been nominated as a finalist for the SourceForge.net Community Choice Awards in the category of &#8220;Best Project for Communications&#8221;. At the end of the month, SourceForge.net announced that phpBB had won the award for &#8220;Best Project for Communications&#8221;, and in honour of the award, SourceForge.net donated $1000 in phpBB&#8217;s name to Marie Curie Cancer Care. phpBB also won a &#8220;Thingamagoop&#8221; from Bleep Labs, and &#8220;bragging rights for a full year.&#8221;</p>
<p>On September 6, 2007, the teams launched an official phpBB podcast. It was recorded by a rotating group of phpBB team members with occasional guests, and discussed a number of phpBB-related topics, as well as answering questions e-mailed in from listeners.</p>
<p>The first beta of phpBB3 was released in June 2006, and the first release candidate was released in May 2007. The phpBB3 codebase received an external security audit in September, which was done by SektionEins. Finally, phpBB 3.0.0 &#8220;Olympus&#8221; (also dubbed the Gold release) was published on December 13, 2007.</p>
<p>The teams launched a new phpBB weblog in July 2008. The blog is written by phpBB team members on various topics related to phpBB and provides users with a unique inside look at the activities of the phpBB teams.</p>
<p>The phpBB teams held their first-ever phpBB users conference in London on July 20, 2008, which was titled &#8220;Londonvasion 2008.&#8221; Londonvasion featured presentations by phpBB team members on various topics important to the phpBB community, MOD authors, and developers. Londonvasion provided a unique opportunity to socialise with members of the phpBB teams. The event also represented the first time that most members of the teams had a chance to meet each other in person.</p>
<h3>More on PhpBB</h3>
<ul>
<li><a title="phpBB2" href="http://www.powered-by.org/cms/forum/phpbb/phpbb2/">phpBB2</a> was the predecessor of the present-day phpBB3. Developed during 2001-2002, the source code was written primarily to run on PHP 3.0 and 4.0 (version 2.0.13 upped the minimum requirement to PHP 4.0.3 due to a necessary security fix), and by the time that phpBB3 was released in late 2007, &#8230;</li>
<li><a title="phpBB3" href="http://www.powered-by.org/cms/forum/phpbb/phpbb3/">phpBB3</a> is the current stable version of phpBB. Following over three years of development and an eighteen-month beta/release candidate stage, it went gold on December 13, 2007. Some of phpBB3&#8217;s major features include: Modular design for the Admin Control Panel, Moderator Control Panel, and User Control Panel Support for multiple database management systems, &#8230;</li>
</ul>
<h3>Other Information</h3>
<ul>
<li>Developed by: The phpBB Group</li>
<li>Stable release: 3.0.4 (December 12, 2008)</li>
<li>Written in: PHP</li>
<li>Available in: Multilingual</li>
<li>Type: Internet forum</li>
<li>License: GNU General Public License</li>
</ul>
<h3>Links</h3>
<ul>
<li>Website: <a target="_blank" href="http://www.phpbb.com/">http://www.phpbb.com/</a></li>
<li><a target="_blank" href="http://www.phpbb.com/downloads/">Downloads</a></li>
<li><a target="_blank" href="http://www.phpbb.com/mods/">PhpBB Mods</a></li>
<li><a target="_blank" href="http://www.phpbb.com/kb/">PhpBB Knowledgebase</a></li>
<li><a target="_blank" href="http://wiki.phpbb.com/Main_Page">PhpBB wiki</a></li>
</ul>
]]></content:encoded>
			<wfw:commentRss>http://www.powered-by.org/phpbb/feed/</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
		<item>
		<title>Simple Machines Forum</title>
		<link>http://www.powered-by.org/simple-machines-forum/</link>
		<comments>http://www.powered-by.org/simple-machines-forum/#comments</comments>
		<pubDate>Sun, 19 Apr 2009 08:38:02 +0000</pubDate>
		<dc:creator>powered-by.org</dc:creator>
				<category><![CDATA[CMS Index]]></category>
		<category><![CDATA[Forum]]></category>
		<category><![CDATA[Open Source Web CMS]]></category>
		<category><![CDATA[SMF]]></category>
		<category><![CDATA[beta]]></category>
		<category><![CDATA[Free]]></category>
		<category><![CDATA[Media]]></category>
		<category><![CDATA[mysql database]]></category>
		<category><![CDATA[opera]]></category>
		<category><![CDATA[risk]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Simple Machines Forum]]></category>
		<category><![CDATA[software]]></category>
		<category><![CDATA[Web]]></category>

		<guid isPermaLink="false">http://www.powered-by.org/cms/forum/simple-machines-forum/</guid>
		<description><![CDATA[Simple Machines Forum (abbreviated as SMF) is a freeware Internet forum application. The software is written in PHP and uses a MySQL database backend, although multi-database support is being developed for version 2.0. SMF is developed by the Simple Machines development team. SMF was created to replace the forum software YaBB SE, which at the [...]]]></description>
			<content:encoded><![CDATA[<p><img style="border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; margin-left: 0px; border-left-width: 0px; margin-right: 0px" title="smf" border="0" alt="smf" align="right" src="http://www.powered-by.org/wp-content/uploads/2009/04/smf.jpg" width="150" height="150" /> Simple Machines Forum (abbreviated as SMF) is a freeware Internet forum application. The software is written in PHP and uses a MySQL database backend, although multi-database support is being developed for version 2.0. SMF is developed by the Simple Machines development team.</p>
<p>SMF was created to replace the forum software YaBB SE, which at the time was gaining a bad reputation because of problems with its Perl-based ancestor software YaBB[citation needed]. At the time, YaBB was blamed for causing resource allocation problems on many systems. YaBB SE was written as a rough PHP port of YaBB, and had many of the same resource and security problems as the older YaBB versions. Joseph Fung and Jeff Lewis of Lewis Media Inc., the owners of YaBB SE and the original owners of SMF, made the decision to convert to a new brand and name.</p>
<p> <span id="more-500"></span><img style="border-right-width: 0px; display: inline; border-top-width: 0px; border-bottom-width: 0px; margin-left: 0px; border-left-width: 0px; margin-right: 0px" title="smf_web" border="0" alt="smf_web" align="right" src="http://www.powered-by.org/wp-content/uploads/2009/04/smf-web.jpg" width="300" height="401" /> SMF started as a small project by username &quot;[Unknown]&quot; (one of the YaBB SE developers) and its main intent was to add more advanced templating to YaBB SE. The project then slowly grew to address common feature requests, efficiency problems, and security concerns. A rehaul of YaBB SE had been in development for several years, but was superseded by this then competing project. Popular interest in the new YaBB SE fork sparked a complete rewrite of the code, with security and performance in mind. This eventually became today&#8217;s Simple Machines Forum. The first SMF release was SMF 1.0 Beta 1a, released on 30 September 2003 to Charter Members only.</p>
<p>On the 23rd of October 2006, Simple Machines LLC was registered in the state of Arizona, and the transfer of copyrights from Lewis Media to Simple Machines LLC was completed on the 24th of November 2006 during a three-day retreat in Tucson, AZ. This was done for the &quot;[solidification of] the team’s commitment to continuously providing free software, without the perceived risks of corporate influence.&quot;</p>
<h3>Future</h3>
<p>On 8 April 2007, Simple Machines announced the introduction of their next version, SMF 2.0 [8]. SMF 2.0 has been in development alongside SMF 1.1 since December 2005. This version will have many new features, including:</p>
<ul>
<li>Database abstraction &#8211; with support for PostgreSQL and SQLite planned alongside that of MySQL. </li>
<li>Automatic installation of packages into themes other than just the default. </li>
<li>Email templates to simplify customization of forum emails. </li>
<li>Moderation center including post, topic and attachment moderation &#8211; to allow approving of user content before it is made public. </li>
<li>User warning system. </li>
<li>Additional group functionality including group moderators and requestable/free assignable groups. </li>
<li>WYSIWYG editor to provide an intuitive user interface to those users not familiar with BBCode. </li>
<li>Permission improvements such as group inheritance and permission profiles to further reduce the complexity of the permissions system. </li>
<li>File based caching for a performance increase on all forums regardless of whether an accelerator is installed. </li>
<li>Mail queuing system to stagger the sending of emails to improve performance on large forums. </li>
<li>Advanced signature settings to allow the administrator of a forum to more tightly control the contents of users&#8217; signatures. </li>
<li>Personal messaging improvements including ability to automatically sort incoming messages and a variety of display options. </li>
<li>Improved upgrade script with better timeout protection and simpler user interface. </li>
<li>Custom profile fields to enable administrators to add additional member fields from the administration center. </li>
<li>Use of OpenID. </li>
</ul>
<p>The first public beta of SMF 2.0 was released on Monday, March 17, 2008.</p>
<h3>Localization</h3>
<p>SMF is available in over 38 languages[9], including Albanian, Arabic, Bulgarian, Catalan, Chinese, Czech, Danish, Dutch, English, Finnish, French, German, Greek, Hebrew, Hungarian, Italian, Japanese, Norwegian, Persian, Polish, Portuguese, Romanian, Russian, Spanish, Swedish, Thai, Turkish and Ukrainian. It can be translated to other languages by volunteers. UTF-8 and non-UTF-8 encodings are available for all.</p>
<h3>Modifications</h3>
<p>SMF has a modification base repository for free modification hosting and tracking via the Simple Machines main site. Many modifications, or &quot;mods&quot; as they are usually called, have been created and distributed free of charge, including an arcade, profile additions, gallery, RPG system, spam filter, various SEO features, and many more. Before being listed on the SMF Mods site, the mod is validated by the SMF Team, to ensure that it complies with the SMF Coding Guidelines.</p>
<p>The Package Manager included in SMF is one of the flagship features. It allows an administrator to install modifications and updates to SMF without having to modify the code of the script, usually with only a few mouse clicks.</p>
<h3>The SMF team</h3>
<p>The Simple Machines team includes graphics, documentation, customization, localization, marketing, and management divisions. The SMF support staff and users also provide free support on the official community forums. Their duties include helping forum owners with troubleshooting and optimization.</p>
<h3>Charter Members</h3>
<p>People who wish to support Simple Machines with a donation of 50 USD yearly are rewarded with a Charter Membership. This grants access to a hidden section on the forum and advanced beta versions to test before they go public. Advanced support for SMF including installation and upgrades by the staff are also provided. Charter Members also get access to a private Helpdesk staffed by the Simple Machines Support Team where Charter Members can receive one-on-one support outside of the public forum.</p>
<h3>SMF and free software</h3>
<p>SMF is occasionally criticized for not being available under a free software license; the developers acknowledge this. Redistribution of the software, even unmodified, is not allowed without written permission. The source code is not redistributable either, although it is allowed to distribute instructions on how to modify it.</p>
<h3>Minimum System Requirement</h3>
<p>To run SMF, the webserver you&#8217;re hosted on must meet a few simple requirements. These are not terribly high, and as such most hosts meet them.</p>
<ul>
<li>Any webserver that properly supports PHP, such as Apache or Internet Information Services (IIS). </li>
<li>PHP 4.1.0 or higher. The following directives are required to be set correctly in php.ini:
<ul>
<li>the engine directive must be On. </li>
<li>the magic_quotes_sybase directive must be set to Off. </li>
<li>the session.save_path directive must be set to a valid directory. </li>
<li>the file_uploads directive must be On. </li>
<li>the upload_tmp_dir must be set to a valid directory. </li>
</ul>
</li>
<li>MySQL 3.23.4 or higher. </li>
<li>at least 512 kilobytes of storage space in the database, although more is highly recommended. </li>
<li>about two and a half megabytes of storage space on the web server, although more is recommended. </li>
</ul>
<h3>Recommended System Requirements</h3>
<p>However, for best performance and use, a bit more is suggested. This includes the following:</p>
<ul>
<li>Linux or another Unix based operating system. </li>
<li>The GNU Aspell and its dictionaries for spell checking support. </li>
<li>Apache with AcceptPathInfo set to On (Apache 2 and later only) for queryless URL support. </li>
<li>PHP 4.3.0 or higher, with the following set in php.ini:
<ul>
<li>the max_input_time directive is set to a value of at least 30. </li>
<li>the post_max_size and upload_max_filesize directives are set to the size of the largest attachments you wish to be able to upload. </li>
<li>the session.use_trans_sid directive set to Off. </li>
<li>the memory_limit directive is set to at least 8M. </li>
<li>the max_execution_time directive is set to at least 15. </li>
<li>the register_globals directive is set to Off. </li>
</ul>
</li>
<li>MySQL 4.0.15 or higher with query caching enabled. </li>
<li>GD Graphics Library 2.0 or higher. </li>
</ul>
<h3>Links</h3>
<ul>
<li><a target="_blank" href="http://www.simplemachines.org/">Official Website</a> </li>
<li><a target="_blank" href="http://download.simplemachines.org/index.php">Download SMF</a> </li>
<li><a target="_blank" href="http://custom.simplemachines.org/mods/">SMF Mods</a> </li>
<li><a target="_blank" href="http://custom.simplemachines.org/themes/">SMF Themes</a> </li>
<li><a href="http://www.powered-by.org/references/cms-index/simple-machines-forum/" target="_blank">SMF – Powered-by</a></li>
</ul>
]]></content:encoded>
			<wfw:commentRss>http://www.powered-by.org/simple-machines-forum/feed/</wfw:commentRss>
		<slash:comments>4</slash:comments>
		</item>
		<item>
		<title>Security overview of Plone</title>
		<link>http://www.powered-by.org/security-overview-of-plone/</link>
		<comments>http://www.powered-by.org/security-overview-of-plone/#comments</comments>
		<pubDate>Mon, 22 Dec 2008 06:55:25 +0000</pubDate>
		<dc:creator>powered-by.org</dc:creator>
				<category><![CDATA[Plone Basics]]></category>
		<category><![CDATA[drupal]]></category>
		<category><![CDATA[Joomla]]></category>
		<category><![CDATA[Plone]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[security issue]]></category>
		<category><![CDATA[security issues]]></category>
		<category><![CDATA[software]]></category>

		<guid isPermaLink="false">http://www.powered-by.org/top-cms/plone/plone-basics/security-overview-of-plone/</guid>
		<description><![CDATA[The ten most common security issues in web applications, and how Plone addresses them. Below is a list of the 10 most common security vulnerabilities in web applications, and how Plone addresses these. The full background for this list can be found at the Open Web Application Security Project web site. Problem A1: Unvalidated Input [...]]]></description>
			<content:encoded><![CDATA[<p>The ten most common security issues in web applications, and how Plone addresses them.</p>
<p>Below is a list of the 10 most common security vulnerabilities in web applications, and how Plone addresses these. The full background for this list can be found at the <a target="_blank" href="http://www.owasp.org/index.php/Top_10_2007#Summary">Open Web Application Security Project</a> web site.</p>
<p><span id="more-326"></span></p>
<dl>
<dt>Problem A1: Unvalidated Input </dt>
<dd>How Plone handles this: All input in Plone is validated, and the framework makes sure you can never input data that is not of the required type. This is probably the number one reason why Plone sites — even when deployed and developed by people new to web security — are not compromised. </dd>
<dt>Problem A2: Broken Access Control </dt>
<dd>How Plone handles this: Plone is based on the well-proven (7 years in production), flexible and granular ACL/roles-based security model of Zope. In addition, Plone utilizes an innovative workflow approach to security, which means that end-users never see or modify the security settings — they only work with security presets that have been supplied to them by the developers of the application. This makes the potential for security errors orders of magnitude less likely to happen. </dd>
<dt>Problem A3: Broken Authentication and Session Management </dt>
<dd>How Plone handles this: Plone authenticates users in its own database using a SHA-1 hash of their password. Using its modular authentication system Plone can also authenticate users against common authentication systems such as LDAP and SQL as well as any other system for which a plugin is available (Gmail, OpenID, etc.). After authentication, Plone creates a session using a SHA-1 hash of a secret stored on the server and the userid (HMAC-SHA-1). Secrets can be refreshed on a regular basis to add extra security where needed. Note: Older Plone versions (i.e. before Plone 3) use a less secure method where a session cookie containing both the loginname and password for a user is used. It is highly recommended to enforce use of HTTPS encryption for such sites. </dd>
<dt>Problem A4: Cross Site Scripting </dt>
<dd>How Plone handles this: Plone has strong filtering in place to make sure that no potentially malicious code can ever be entered into the system. All content that is inserted is stripped of malicious tags like <code>&lt;script&gt;</code>, <code>&lt;embed&gt;</code> and <code>&lt;object&gt;</code>, as well as removing all <code>&lt;form&gt;</code> related tags, stopping users from impersonating any kind of HTTP POST requests. All destructive operations (like deletion of content) and privilege elevation (roles, permissions) are checked to be valid HTTP POST requests in addition to the usual security checking. On an infrastructure level, the template language used to create pages in Plone quotes all HTML by default, effectively preventing cross site scripting. </dd>
<dt>Problem A5: Buffer Overflow </dt>
<dd>How Plone handles this: Buffer overflow vulnerabilities are not known to exist in the current versions of Python, and are usually more common in systems based on languages that do not have strict checking for this, like C. </dd>
<dt>Problem A6: Injection Flaws </dt>
<dd>How Plone handles this: This is usually common in systems that use SQL for their content storage. Plone does not use SQL by default, and when setting up SQL databases with Plone, they always communicate through a standard SQL connector that neutralizes injection attempts automatically. </dd>
<dt>Problem A7: Improper Error Handling </dt>
<dd>How Plone handles this: Plone provides almost no information on the front end (no stack traces etc) when there is an error, but logs the error internally instead. All the front-end user will see is the log entry number of the error that was caused, allowing the error to be located in the logs if it is reported to the site admin. </dd>
<dt>Problem A8: Insecure Storage </dt>
<dd>How Plone handles this: All the cryptographic methods in use in the Plone stack have been exposed to public scrutiny for years, and have no known vulnerabilities. </dd>
<dt>Problem A9: Application Denial of Service </dt>
<dd>How Plone handles this: The most common setup for a Plone site is to utilize a caching proxy like Squid, Varnish, Apache or IIS. When configured in this way, it&#8217;s very hard to bring down a Plone site with DoS attacks. (Note: In versions earlier than Plone 2.1.4 and 2.5.1, there was a potential Denial of Service attack identified in the error page of Plone, which was unnecessarily heavy. This was fixed as part of a bigger security audit performed in the same timeframe, and the current releases of Plone do not suffer from this problem. </dd>
<dt>Problem A10: Insecure Configuration Management </dt>
<dd>How Plone handles this: Plone has very strict security defaults out-of-the-box, and also runs as an unprivileged user on the server. Web users do not have access to the file system. Because of these factors, the most common security configuration vulnerabilities in this area are avoided. </dd>
</dl>
<h4>Security track record</h4>
<p>Measuring or quantifying security risks in software is hard — security is a process, not a product, and thus requires constant vigilance and good coding practices combined with security reviews. One interesting measure is the number of vulnerabilities reported in MITRE’s Common Vulnerabilities and Exposures database, which is the main source for tracking and naming security issues.</p>
<p>Here are some counts of the numbers of known vulnerabilities and exposures in some common CMS platforms and their technology stacks &#8211; also note that the Python/Zope/Plone stack has existed for several years longer than the others mentioned:</p>
<ul>
<li>Plone/Zope/Python stack:
<ul>
<li>CVE Entries containing Plone: 3</li>
<li>CVE Entries containing Zope: 15 (only 3 since 2004)</li>
<li>CVE Entries containing Python: 17</li>
</ul>
</li>
<li>PHP-based stacks:
<ul>
<li>CVE Entries containing Drupal: 22</li>
<li>CVE Entries containing Mambo: 31</li>
<li>CVE Entries containing Joomla: 20</li>
<li>CVE Entries containing MySQL: 99</li>
<li>CVE Entries containing PHP: 1258</li>
</ul>
</li>
<li>Other stacks:
<ul>
<li>CVE Entries containing Perl: 97</li>
</ul>
</li>
</ul>
<p>These numbers do not prove anything by themselves, of course — but do suggest a general trend, and are a good approximation of our security track record compared to other systems.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.powered-by.org/security-overview-of-plone/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Plone 4 Framework Team Announced</title>
		<link>http://www.powered-by.org/plone-4-framework-team-announced/</link>
		<comments>http://www.powered-by.org/plone-4-framework-team-announced/#comments</comments>
		<pubDate>Mon, 22 Dec 2008 04:55:13 +0000</pubDate>
		<dc:creator>powered-by.org</dc:creator>
				<category><![CDATA[Plone]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[software]]></category>
		<category><![CDATA[Web]]></category>

		<guid isPermaLink="false">http://www.powered-by.org/top-cms/plone/plone-4-framework-team-announced/</guid>
		<description><![CDATA[David Glick, Calvin Hendryx-Parker, Martijn Pieters, Ross Patterson, Erik Rose, Laurence Rowe and Matthew Wilkes have been chosen for the Plone 4 Framework Team. The Plone Foundation proudly announces the members of the newly formed Plone 4 Framework Team: David Glick is a web developer for ONE/Northwest, a Seattle-based consultancy that delivers tools and strategies [...]]]></description>
			<content:encoded><![CDATA[<p><img class="alignright" src="http://www.powered-by.org/wp-content/uploads/2008/12/plone-thumb.jpg" alt="" width="150" height="150" />David Glick, Calvin Hendryx-Parker, Martijn Pieters, Ross Patterson, Erik Rose, Laurence Rowe and Matthew Wilkes have been chosen for the Plone 4 Framework Team.</p>
<p>The Plone Foundation proudly announces the members of the newly formed Plone 4 Framework Team:</p>
<p>David Glick is a web developer for ONE/Northwest, a Seattle-based consultancy that delivers tools and strategies for engaging people in protecting the environment.  He has been contributing to Plone add-on products and the Plone core for the past year, and is currently helping to build Dexterity, a tool for creating content types through the web.</p>
<p><span id="more-316"></span></p>
<p>Calvin Hendryx-Parker is co-founder and Director of Engineering for Six Feet Up, a CMS consulting company headquartered in Indianapolis, Indiana. Calvin specializes in implementing Zope and Plone systems and has spoken frequently at symposia and conferences on Plone architecture and implementation.</p>
<p>Martijn Pieters is Senior Software Developer at Jarn, a longtime Plone consultancy. He&#8217;s been developing with and for Plone, Zope and Python since 1999. He has been involved with core development on the whole stack, from ZPT and ZODB via CMF to Plone itself.</p>
<p>Ross Patterson is an independent Plone developer and consultant in California.  He&#8217;s been developing with Zope and Plone for 9 years making contributions to various parts of the stack but mostly contributing add-ons and utilities.</p>
<p>Erik Rose is a core developer at WebLion, Penn State University&#8217;s internal Plone consultancy. He has written several popular Plone products—including FacultyStaffDirectory, WebServerAuth, and CustomNav—and spoken at Plone conferences about security, software architecture, and documentation.</p>
<p>Laurence Rowe works as a Software Developer for Jarn AS, Norway. He&#8217;s been consulting with Plone for 4 years, mostly focused around Systems Integration.</p>
<p>Matthew Wilkes is a Plone developer based in Bristol, in south-west England. As well as working a 3 day week at Team Rubber, he works as a freelance consultant as Circular Triangle and spends the rest of his time reading German at Bristol University.</p>
<p>The new framework team was selected unanimously by a panel of current and past framework team members.</p>
<p>The job of the Plone 4 Framework Team is to evaluate, recommend, test and accept Plone Improvement Proposals (PLIPs) for version 4.0 of Plone, a versatile and popular open-source Content Management System based on Python and Zope. They&#8217;ll be working alongside the Plone 3 Framework Team, which will continue to incrementally develop the Plone 3.x series.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.powered-by.org/plone-4-framework-team-announced/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>ImpressCMS 1.1.1 RC2</title>
		<link>http://www.powered-by.org/impresscms-111-rc2/</link>
		<comments>http://www.powered-by.org/impresscms-111-rc2/#comments</comments>
		<pubDate>Mon, 22 Dec 2008 03:51:30 +0000</pubDate>
		<dc:creator>powered-by.org</dc:creator>
				<category><![CDATA[ImpressCMS]]></category>
		<category><![CDATA[Updates]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[security issue]]></category>
		<category><![CDATA[vulnerability]]></category>

		<guid isPermaLink="false">http://www.powered-by.org/news/updates/impresscms-111-rc2/</guid>
		<description><![CDATA[ImpressCMS is proud to announce the release of 1.1.1 RC2. Changes Fixed * #2354713: Security issue in SESSION id (Fixation), previous fix caused problems with some users being logged out sporadically. (vaughan) * XSS vulnerability in blocksadmin.php $_GET['selmod'], potential (but not necessarily vulnerable) exploit in $_GET['editor']. (GiJoe/vaughan) Improved Changelog &#8211; Click Here Where can [...]]]></description>
			<content:encoded><![CDATA[<p><img class="alignright size-full wp-image-290" title="impresscms.jpg" src="http://www.powered-by.org/wp-content/uploads/2008/12/impresscms.jpg" alt="impresscms.jpg" width="150" height="150" />ImpressCMS is proud to announce the release of 1.1.1 RC2.<br />
Changes</p>
<p>Fixed<br />
* #2354713: Security issue in SESSION id (Fixation), previous fix caused problems with some users being logged out sporadically. (vaughan)<br />
* XSS vulnerability in blocksadmin.php $_GET['selmod'], potential (but not necessarily vulnerable) exploit in $_GET['editor']. (GiJoe/vaughan)</p>
<p><span id="more-297"></span></p>
<p>Improved<br />
Changelog &#8211; Click Here</p>
<p>Where can I get the files?</p>
<p>As usual you can download all the files from our Source Forge site &#8211; Click Here<br />
Upgrade from 1.1+:</p>
<p>* impresscms_1.1_to_impresscms_1.1.1_rc2.tar.gz<br />
* impresscms_1.1_to_impresscms_1.1.1_rc2.zip</p>
<p>Upgrade from XOOPS or ImpressCMS 1.0 to ImpressCMS 1.1.1 RC2:</p>
<p>* xoops-or-impresscms_1.0_to_impresscms_1.1.1_rc2.tar.gz<br />
* xoops-or-impresscms_1.0_to_impresscms_1.1.1_rc2.zi</p>
<p>New Install:</p>
<p>* impresscms_1.1.1_rc2.tar.gz<br />
* impresscms_1.1.1_rc2.zip</p>
<p>How to upgrade to XOOPS or ImpressCMS 1.0</p>
<p>* Upgrading from ImpressCMS 1.1<br />
* Upgrading from XOOPS or ImpressCMS 1.0</p>
<p>Full Install</p>
<p>If you&#8217;re making a fresh install, download the full package and perform a normal installation (instructions are contained within the package or available in our release notes).</p>
]]></content:encoded>
			<wfw:commentRss>http://www.powered-by.org/impresscms-111-rc2/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>ImpressCMS</title>
		<link>http://www.powered-by.org/impresscms/</link>
		<comments>http://www.powered-by.org/impresscms/#comments</comments>
		<pubDate>Mon, 22 Dec 2008 03:43:35 +0000</pubDate>
		<dc:creator>powered-by.org</dc:creator>
				<category><![CDATA[CMS Index]]></category>
		<category><![CDATA[ImpressCMS]]></category>
		<category><![CDATA[Open Source Web CMS]]></category>
		<category><![CDATA[Portal]]></category>
		<category><![CDATA[mysql database]]></category>
		<category><![CDATA[open source]]></category>
		<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://www.powered-by.org/cms/open-source-web-cms/impresscms/</guid>
		<description><![CDATA[ImpressCMS is a free, open source, community-developed content management system for building and maintaining dynamic web sites, written in the PHP programming language and using a MySQL database. The ImpressCMS Project was formed in late 2007 as a result of a division in the XOOPS community[1]. Many of the developers for ImpressCMS were veteran [...]]]></description>
			<content:encoded><![CDATA[<p><a href="http://www.powered-by.org/wp-content/uploads/2008/12/impresscms.jpg"><img height="150" alt="ImpressCMS" src="http://www.powered-by.org/wp-content/uploads/2008/12/impresscms-thumb.jpg" width="150" align="right" border="0"></a> ImpressCMS is a free, open source, community-developed content management system for building and maintaining dynamic web sites, written in the PHP programming language and using a MySQL database.</p>
<p>The ImpressCMS Project was formed in late 2007 as a result of a division in the XOOPS community[1]. Many of the developers for ImpressCMS were veteran developers, designers and users with extensive experience with XOOPS and sought to establish a new community built CMS with a philosophy of openness, community contributions and continual improvements in code and features. The core platform of ImpressCMS was inherited from XOOPS, but was quickly transformed into a product distinct from its parent, yet maintaining compatibility with modules and themes originally designed for XOOPS. This compatibility allows users a choice of platforms and provides them a migration path to ImpressCMS.</p>
<p><span id="more-289"></span><a href="http://www.powered-by.org/wp-content/uploads/2008/12/impresscms-web.jpg"><img height="400" alt="ImpressCMS_web" src="http://www.powered-by.org/wp-content/uploads/2008/12/impresscms-web-thumb.jpg" width="298" align="right" border="0"></a> The product is released under the GNU General Public License Version 2 and is available for download from the ImpressCMS website. Support is offered by the community and is open to all users of ImpressCMS.
</p>
<h3>Requirements</h3>
<ul>
<li>ImpressCMS 1.0
<ul>
<li>Web Server &#8211; Apache, IIS, or similar web server
<li>Language &#8211; PHP version 4.3, or higher (PHP 4.2.x may work but is not officially supported)
<li>Database &#8211; MySQL version 3.23, or higher </li>
</ul>
<li>ImpressCMS 1.1
<ul>
<li>Web Server &#8211; Apache, IIS, or similar web server
<li>Language &#8211; PHP version 5.2, or higher (PHP 5.1.x may work but is not officially supported)
<li>Database &#8211; MySQL version 4.1, or higher
<li>PHP requirements &#8211; 16mb minimum memory allocation for PHP, UTF-8 &amp; IconV support (recommended) </li>
</ul>
</li>
</ul>
<h3>Features</h3>
<p>ImpressCMS uses an open architecture, allowing webmasters to add modules into the core CMS for additional functionality. Modules exist that have been developed by an international community of developers, designers and fans and are able to handle most every task associated with the managing of web content and an online community.</p>
<h3>Basic Features of ImpressCMS:</h3>
<ul>
<li>Database driven
<li>Granular permissions for users and groups
<li>Complete user profiles and private messaging
<li>Customizable themes and templates
<li>Integrated comment system, with moderation options
<li>Integrated management for banner advertising
<li>Site-wide search function
<li>Multibyte language support &#8211; distributions are available in Brazilian Portuguese, Croatian, Dutch, English, French, German, Italian, Persian, Russian, Spanish </li>
</ul>
<h3>New Features Added in Version 1.0</h3>
<p>These new features were introduced in the first version of ImpressCMS and were not part of a standard XOOPS installation.</p>
<ul>
<li>Native multilingual support allows tagging of content in various languages and users can select an appropriate language for themselves
<li>Completely redesigned administration interface, making it more intuitive to manage
<li>Ability to create custom block positions for the user side, allowing greater flexibility of design and layout
<li>Easy cloning of any existing block with a single click
<li>Completely redesigned installation wizard making it easier and more intuitive for new users to install and configure ImpressCMS; also, inline help has been added to the wizard to help the user on every step of the installation
<li>Many security improvements, the most important being the introduction of the Trust Path concept, placing sensitive data outside the web root. This is automatically created for you by the installation wizard
<li>Automatic version checker to inform the webmaster a new version is available
<li>Addition of a privacy policy feature customizable by the webmaster
<li>Users can select a custom theme and save it in their preferences
<li>Introductory welcome content provided for the new users as part of the installation
<li>Introduction of HTTP error handling page using .htaccess file
<li>Users can select to have their login remembered on their computer; administrators can enable/disable this feature </li>
</ul>
<h3>Other Information</h3>
<ul>
<li>Developed by&nbsp; The ImpressCMS Project
<li>Latest release&nbsp; 1.1 / 31 October 2008; 50 days ago
<li>Written in&nbsp; PHP
<li>OS&nbsp; Cross-platform
<li>Type&nbsp; Content Management System
<li>License&nbsp; GPL </li>
</ul>
<h3>Links</h3>
<ul>
<li>Website&nbsp; ImpressCMS.org </li>
</ul>
]]></content:encoded>
			<wfw:commentRss>http://www.powered-by.org/impresscms/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>New Security Updates for Drupal Web CMS</title>
		<link>http://www.powered-by.org/new-security-updates-for-drupal-web-cms/</link>
		<comments>http://www.powered-by.org/new-security-updates-for-drupal-web-cms/#comments</comments>
		<pubDate>Sun, 14 Dec 2008 12:50:08 +0000</pubDate>
		<dc:creator>powered-by.org</dc:creator>
				<category><![CDATA[News]]></category>
		<category><![CDATA[bug fixes]]></category>
		<category><![CDATA[DAM]]></category>
		<category><![CDATA[drupal]]></category>
		<category><![CDATA[Patch]]></category>
		<category><![CDATA[PHP]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[security issue]]></category>
		<category><![CDATA[security issues]]></category>
		<category><![CDATA[Web]]></category>

		<guid isPermaLink="false">http://www.powered-by.org/?p=87</guid>
		<description><![CDATA[Drupal is at it again with another round of updated releases. While not major releases, these new versions from Drupal do address a number of security fixes and bugs that were brought to their attention via Drupal’s bug tracking system. Drupal has announced that there will be no new features added to 6.x or 5.x. [...]]]></description>
			<content:encoded><![CDATA[<p>Drupal is at it again with another round of updated releases. While not major releases, these new versions from Drupal do address a number of security fixes and bugs that were brought to their attention via Drupal’s bug tracking system.</p>
<p>Drupal has announced that there will be no new features added to 6.x or 5.x. They are holding the feature updates and implementation of new features until they are ready to release Drupal 7.x in the near future.</p>
<p><span id="more-87"></span></p>
<p>A 7th security update for version 6 and the 13th security update for version 5 may not mean a whole slew of new features, but they do address major security issues.</p>
<p>Security Issues</p>
<p>Both versions are potentially vulnerable to cross-site request forgery as well as cross-site scripting. Both of these vulnerabilities could potentially result in database damage or unfiltered content being published inadvertently.</p>
<p>Whether you are using Drupal 6.x or Drupal 5.x, it is highly recommended by the community to update to the newest version to eliminate the potential for security infringements.</p>
<p>There are two options to upgrade:<br />
Patching or Upgrading Current Drupal Versions</p>
<p>The first option for updating your Drupal version 5.x or 6.x is to simply patch your current core files with the updated ones. This is not the best option as the patch files do not contain certain bug fixes.</p>
<p>The second and best option is to do a full upgrade. This will ensure that all security fixes and bug fixes are addressed in your particular core code. You will also be better prepared for the Drupal 7 update which is expected to contain a number of new features.</p>
<p>It is also highly recommended that you run update.php to refresh the menu cache and other website caches. If you are using custom .htaccess or robots.txt files, you will want to make sure that any custom changes are retained since the updates modify both of these files.</p>
<p>Full upgrade files and patch files can be found here:</p>
<p>* Drupal 5.13 upgrade files<br />
* Drupal 6.7 upgrade files<br />
* Drupal 5.13 patch files<br />
* Drupal 6.7 patch files</p>
<p>If you are using PHP 5.1.x or lower there is a warning that comes up upon login. According to the Drupal Community, “That patch has been rolled back in CVS, and we will be doing a bug fix release on December 11th.”<br />
Get Ready for Drupal 7</p>
<p>Want new Drupal features? You’ll have to wait for Drupal 7 to be released. Until then get the upgrade files and ensure that your site is secure against the malicious threats described above.</p>
<p>If you are interested in learning more about Drupal, DrupalCon DC, the premier conference for Drupal developers, is right around the corner in March. While final submissions for sessions are over, tickets are still available. Get yours today and learn all the ins and outs of Drupal.</p>
<p><a target="_blank" href="http://www.cmswire.com/cms/web-cms/new-security-updates-for-drupal-web-cms-003664.php">CMSWire</a></p>
]]></content:encoded>
			<wfw:commentRss>http://www.powered-by.org/new-security-updates-for-drupal-web-cms/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Joomla 1.5.8 Released</title>
		<link>http://www.powered-by.org/joomla-158-released/</link>
		<comments>http://www.powered-by.org/joomla-158-released/#comments</comments>
		<pubDate>Mon, 10 Nov 2008 20:17:20 +0000</pubDate>
		<dc:creator>CMS News</dc:creator>
				<category><![CDATA[Joomla]]></category>
		<category><![CDATA[New Release]]></category>
		<category><![CDATA[bug fixes]]></category>
		<category><![CDATA[Media]]></category>
		<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://www.powered-by.org/news/new-release/joomla-158-released/</guid>
		<description><![CDATA[The Joomla Project is pleased to announce the immediate availability of Joomla 1.5.8 [Wohnaiki]. This release contains a number of bug fixes and two moderate-level security fixes. It has been around two months since Joomla 1.5.7 was released on September 9, 2008. The Development Working Group&#8217;s goal is to continue to provide regular, frequent updates [...]]]></description>
			<content:encoded><![CDATA[<p><a target="_blank" href="http://beta.powered-by.org/wp-content/uploads/2008/11/joomla-158-released.jpg"><img style="border: 0px none;" src="http://beta.powered-by.org/wp-content/uploads/2008/11/joomla-158-released-thumb.jpg" border="0" alt="joomla_158_released" width="157" height="180" align="right" /></a> The Joomla Project is pleased to announce the immediate availability of Joomla 1.5.8 [Wohnaiki]. This release contains a number of bug fixes and two moderate-level security fixes. It has been around two months since Joomla 1.5.7 was released on September 9, 2008. The Development Working Group&#8217;s goal is to continue to provide regular, frequent updates to the Joomla community.</p>
<p><span id="more-74"></span></p>
<p><a target="_blank" href="http://joomlacode.org/gf/download/frsrelease/8897/32884/Joomla_1.5.8-Stable-Full_Package.zip">Download Joomla 1.5.8</a></p>
]]></content:encoded>
			<wfw:commentRss>http://www.powered-by.org/joomla-158-released/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>WordPress 2.6.3 released after vulnerability in the Snoopy library was discovered</title>
		<link>http://www.powered-by.org/wordpress-263-released-after-vulnerability-in-the-snoopy-library-was-discovered/</link>
		<comments>http://www.powered-by.org/wordpress-263-released-after-vulnerability-in-the-snoopy-library-was-discovered/#comments</comments>
		<pubDate>Fri, 24 Oct 2008 03:31:37 +0000</pubDate>
		<dc:creator>CMS News</dc:creator>
				<category><![CDATA[New Release]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Wordpress]]></category>
		<category><![CDATA[risk]]></category>
		<category><![CDATA[snoopy]]></category>
		<category><![CDATA[vulnerability]]></category>

		<guid isPermaLink="false">http://www.powered-by.org/?p=68</guid>
		<description><![CDATA[Snoopy is a PHP class that simulates a web browser. It automates the task of retrieving web page content and posting forms. A vulnerability in the Snoopy library was announced today. WordPress uses Snoopy to fetch the feeds shown in the Dashboard. Although this seems to be a low risk vulnerability for WordPress users, we [...]]]></description>
			<content:encoded><![CDATA[<p>Snoopy is a PHP class that simulates a web browser. It automates the task of retrieving web page content and posting forms.<span id="more-70"></span></p>
<blockquote><p>A vulnerability in the Snoopy library was announced today.  WordPress uses Snoopy to fetch the feeds shown in the Dashboard.   Although this seems to be a low risk vulnerability for WordPress users, we wanted to get an update out immediately.  2.6.3 is available for download right now.  If you don’t want to download the whole release to get the security fix, you can download the following two files and copy them over your 2.6.2 installation.</p></blockquote>
<p>Files affected:</p>
<ol>
<li><a target="_blank" href="http://trac.wordpress.org/export/9310/tags/2.6.3/wp-includes/class-snoopy.php">wp-includes/class-snoopy.php</a></li>
<li><a target="_blank" href="http://trac.wordpress.org/export/9310/tags/2.6.3/wp-includes/version.php">wp-includes/version.php</a></li>
</ol>
]]></content:encoded>
			<wfw:commentRss>http://www.powered-by.org/wordpress-263-released-after-vulnerability-in-the-snoopy-library-was-discovered/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>

