At b2evolution's, one of our main concerns is security. While we constantly keep securing the legacy b2 codebase while developing new versions, we felt it was appropriate to release a security upgrade for our latest stable release (0.8.2).
We are pleased to announce availablility of version 0.8.2.2.
b2evolution 0.8.2.2 is a maintainance release intended to fix security issues discovered after release of version 0.8.2.
This release includes some fixes against XSS and SQL injection vulnerabilities.
All b2 users up to 0.8.2 are encouraged to upgrade their installation. These vulnerabilities most likely also affect other b2 forks but we have not checked them yet.
Vulnerabilities were also fixed in user-customizable skins, so users will need to reflect the changes to their own skins. Contributed skins on evoSkins.org may have the same vulnerabilities, but we have not investigated them yet.
Acknowledgements:
- Some XSS vulnerabilities were found and reported by office
- This release was compiled and brought to you by Sakichan.