A critical security issue has been discovered in the XML-RPC for PHP library that most applications use, including b2evolution.
It is highly recommended that you fix your installation by downloading this patch file and unzipping it into your /blogs/b2evocore/ folder. This should overwrite the following two files:
This patch has been tested on the latest 0.9.0.12 "Amsterdam" release but is believed to work on all 0.9.0.x versions.
The patch will be included in future releases.
This is exclusively b2evolution, or are we talking about a vulnerability for b2 (original) as well?
Comment from: Member
This also affects the original b2 as well as most other PHP blog tools.
In addition the original b2 has a lot more security issues that remain unfixed.
This is one of the reasons we have ‘evolution’! :P