BxCMS 1.2.1 Security Bugfix Release (codename: “not our fault”)

Yeah, yeah, the PEAR XML_RPC had a big bad security bug ( some details) and BxCMS was also affected (like many other PHP applications) as we included that library.

Therefore we just released BxCMS 1.2.1 with the new library from PEAR (and some other little fixes, see the NEWS file for details). Get it on our download page. We've additionally also made a smal patch available. Just untar it in your BxCMS root folder, it will replace the affected XML-RPC files.

If you're running a version, which was checked out with svn, you can also do

cd inc/XML
svn up RPC.php RPC/Server.php

and you should be fine (of course you can also “svn up” the whole installation). And if that's still too much work for you, just delete inc/bx/plugins/xmlrpc/weblog.php and you should be fine (but the XML-RPC weblog interface isn't working anymore then)

We highly recommend that you upgrade as soon as possible.

Do you have a question, a comment, or just feeling inspired? Mention us or share this article on Mastodon, Twitter or LinkedIn.

Subscribe to blog updates using the RSS Feed.

Topics

Technology