BxCMS 1.2.1 Security Bugfix Release (codename: “not our fault”)

  • Christian Stocker

Yeah, yeah, the PEAR XML_RPC library had a big bad security bug (some details) and BxCMS was also affected (like many other PHP applications), as we included that library.

Therefore we just released BxCMS 1.2.1 with the new library from PEAR (and some other little fixes, see the NEWS file for details). Get it on our download page. We've also made a small patch available. Just untar it in your BxCMS root folder; it will replace the affected XML-RPC files.

If you're running a version that was checked out with svn, you can also do

cd inc/XML
svn up RPC.php RPC/Server.php

and you should be fine (of course you can also “svn up” the whole installation). And if that's still too much work for you, just delete inc/bx/plugins/xmlrpc/weblog.php and you should be fine (but the XML-RPC weblog interface won't work anymore then).

We highly recommend that you upgrade as soon as possible.
