b2evolution blog software

More than a blog!
Home About Demo Download Hosting Extend Docs Forums
What is b2evo? · News · Screenshots · Features · Testimonials · Philosophy · License · Terms · About us
« b2evolution.net: help wanted! :)Article sur b2evolution dans L'informaticien »

Fix for XML-RPC vulnerability

Permalink July 5, 2005 @ 15:37, by Francois Planque • Category: Security info

A critical security issue has been discovered in the XML-RPC for PHP that most applications use, including b2evolution.

It is highly recommended you fix you installation by downloading this patch file and unzipping it into you /blogs/b2evocore/ folder. This should overwrite the two following files:

  • _functions_xmlrpc.php
  • _functions_xmlrpcs.php

This patch has been tested on the latest 0.9.0.12 "Amsterdam" release but is believed to work on all 0.9.0.x versions.

The patch will be included in future releases.

PermalinkPermalink 2 comments »  

2 comments

Comment from: Sigg3 [Visitor]
Sigg3This is exclusively b2evolution, or are we talking about a vulnerability for b2 (original) as well?
2005-07-08 @ 15:46
Comment from: Francois Planque [Member] Email
This also affects the original b2 as well as most other PHP blog tools.
In addition the original b2 has a lot more security issues that remain unfixed.
This is one of the reasons we have 'evolution'! :P
2005-07-08 @ 17:09

Leave a comment


Your email address will not be revealed on this site.

Your URL will be displayed.
(Line breaks become <br />)
(Name, email & website)
(Allow users to contact you through a message form (your email will not be revealed.)

Contact us · maintained by François Planque · hosting provided by the Evo Factory