6 comments
Comment from: Ben borges
![Ben borges Ben borges](http://www.gravatar.com/avatar/98ff694ba8f75df24662838bc39fea0e?size=64&default=https%3A%2F%2Fb2evolution.net%2Fmedia%2Fshared%2Fglobal%2Favatars%2Fdefault_avatar_unknown.jpg%3Fmtime%3D1659823855)
Comment from: fplanque
![](https://b2evolution.net/media/users/fplanque/profile_pictures/.evocache/img_5515.jpg/crop-top-64x64.jpg?mtime=1413332377)
Latest developments:
- Versions 0.9.x are NOT affected. :)
- If your PHP (php.ini) is properly configured with register_globals = Off
, you are NOT affected. :)
- If your PHP (php.ini) is conservatively configured with allow_url_fopen = Off
, you are NOT affected either. :)
- We will release a fixed update of 1.x (version 1.8.6) later tonight.
In the meantime, if you are unsure, please delete the import-mt.php file.
Comment from: fplanque
![](https://b2evolution.net/media/users/fplanque/profile_pictures/.evocache/img_5515.jpg/crop-top-64x64.jpg?mtime=1413332377)
Fixed releases (1.8.6 and 1.9.1) are ready (and downloadable from SourceForge if you’re in a hurry) but we’ll double check them tomorrow.
Comment from: edbennett
![EdB EdB](http://www.gravatar.com/avatar/3cec11eddeceecd6eb4c53add76034c5?size=64&default=https%3A%2F%2Fb2evolution.net%2Fmedia%2Fshared%2Fglobal%2Favatars%2Fdefault_avatar_unknown.jpg%3Fmtime%3D1659823855)
Thanks for the super-quick corrective actions!
![beano beano](http://www.gravatar.com/avatar/0874567cd397fdd2be21a4f6792f26af?size=64&default=https%3A%2F%2Fb2evolution.net%2Fmedia%2Fshared%2Fglobal%2Favatars%2Fdefault_avatar_unknown.jpg%3Fmtime%3D1659823855)
Does this mean that you don’t need to delete the import-mt.php file in versions 1.9.2 onwards?
Comment from: fplanque
![](https://b2evolution.net/media/users/fplanque/profile_pictures/.evocache/img_5515.jpg/crop-top-64x64.jpg?mtime=1413332377)
Yes versions 1.9.2 and above are perfectly safe. No need to touch mt-import in these.
Thanks ! :)