e107 0.616 Security update

by CaMer0n in e107

The e107 dev team has been going through files and applying some fixes to close the recent security hole. Finally, Lolo Irie came up with a quick and easy fix that should take care of the issue for the core code and plugins.

As most of the dev team will be on vacation at some time this month, the full 0.617 release will not be out until sometime at the end of July. We do have a fix-only download available for those running 0.616. If you are using a version earlier than that and want to apply this code, please contact me and I will provide instructions for doing so.

Please let us know, as always, if this is affecting your e107 install at all so that we can tweak it (if necessary) for the 0.617 release.

Again, we would like to thank Jasper for advising us of this hole and allowing us the opportunity to get a handle on it.

1) Download the security update .zip file
2) BACKUP your current class2.php file
3) Upload/overwrite all files

Download here

[UPDATE]
The zip has been updated with a few fixes; if you are having problems, please try this version.

Obviously this was put up a bit prematurely, but Lolo Irie and I thought it was important to put something out to strengthen the security. This will not be the final fix once 0.617 is released. We are going through each file and fixing them properly.
If you are having problems using this update at all, you can go back to the original class2.php file and still feel confident in the security if you have renamed the admin folder as suggested. This is merely some added protection, but not required.





This news item is from e107 v2 Bootstrap CMS
https://e107.org/blog/591.html