b2evolution News Blog - Latest Comments on Security Alert: import-mt.php https://b2evolution.net/news/?disp=comments en-US http://backend.userland.com/rss 60 fplanque in response to: Security Alert: import-mt.php Sun, 25 Feb 2007 17:19:24 +0000 c17090@https://b2evolution.net/ <p>Yes versions 1.9.2 and above are perfectly safe. No need to touch mt-import in these.</p> Yes versions 1.9.2 and above are perfectly safe. No need to touch mt-import in these.

]]> https://b2evolution.net/news/2006/11/30/security_alert_import_mt_php#c17090 beano in response to: Security Alert: import-mt.php Sun, 25 Feb 2007 16:43:39 +0000 beano c17089@https://b2evolution.net/ <p>Does this mean that you don&#8217;t need to delete the import-mt.php file in versions 1.9.2 onwards?</p> Does this mean that you don’t need to delete the import-mt.php file in versions 1.9.2 onwards?

]]> https://b2evolution.net/news/2006/11/30/security_alert_import_mt_php#c17089 edbennett in response to: Security Alert: import-mt.php Fri, 01 Dec 2006 04:54:45 +0000 c17000@https://b2evolution.net/ <p>Thanks for the super-quick corrective actions!</p> Thanks for the super-quick corrective actions!

]]> https://b2evolution.net/news/2006/11/30/security_alert_import_mt_php#c17000 fplanque in response to: Security Alert: import-mt.php Fri, 01 Dec 2006 01:00:19 +0000 c16998@https://b2evolution.net/ <p>Fixed releases (1.8.6 and 1.9.1) are ready (and downloadable from SourceForge if you&#8217;re in a hurry) but we&#8217;ll double check them tomorrow.</p> Fixed releases (1.8.6 and 1.9.1) are ready (and downloadable from SourceForge if you’re in a hurry) but we’ll double check them tomorrow.

]]> https://b2evolution.net/news/2006/11/30/security_alert_import_mt_php#c16998 fplanque in response to: Security Alert: import-mt.php Thu, 30 Nov 2006 15:03:42 +0000 c16997@https://b2evolution.net/ <p>Latest developments:</p> <p>- Versions 0.9.x are NOT affected. :)</p> <p>- If your PHP (php.ini) is properly configured with <code>register_globals = Off</code>, you are NOT affected. :)</p> <p>- If your PHP (php.ini) is conservatively configured with <code>allow_url_fopen = Off</code>, you are NOT affected either. :)</p> <p>- We will release a fixed update of 1.x (version 1.8.6) later tonight. </p> <p>In the meantime, if you are unsure, please delete the import-mt.php file.</p> Latest developments:

- Versions 0.9.x are NOT affected. :)

- If your PHP (php.ini) is properly configured with register_globals = Off, you are NOT affected. :)

- If your PHP (php.ini) is conservatively configured with allow_url_fopen = Off, you are NOT affected either. :)

- We will release a fixed update of 1.x (version 1.8.6) later tonight.

In the meantime, if you are unsure, please delete the import-mt.php file.

]]> https://b2evolution.net/news/2006/11/30/security_alert_import_mt_php#c16997 Ben borges in response to: Security Alert: import-mt.php Thu, 30 Nov 2006 14:53:53 +0000 Ben borges c16996@https://b2evolution.net/ <p>Thanks ! :)</p> Thanks ! :)

]]> https://b2evolution.net/news/2006/11/30/security_alert_import_mt_php#c16996