Flux CMS 1.2.2 Security Bugfix Release (codename: “not our fault again”)

  • Christian Stocker

Repeat from the 1.2.1 release announcement :)

Yeah, yeah, the PEAR XML_RPC had a big bad security bug (some details) and Flux CMS was also affected (like many other PHP applications) as we include that library.

Therefore we just released Flux CMS 1.2.2 with the new library from PEAR (and some other little fixes, see the NEWS file). Get it on our download page. We've additionally also made a small patch available. Just untar it in your BxCMS root folder, it will just replace the affected XML-RPC files, but not the other fixes.

If you're running a version, which was checked out with svn, you can also do

cd inc/XML
svn up RPC.php RPC/Server.php

and you should be fine (of course you can also “svn up” the whole installation). And if that's still too much work for you, just delete inc/bx/plugins/xmlrpc/weblog.php and you should be fine (but the XML-RPC weblog interface isn't working anymore then)

We highly recommend that you upgrade as soon as possible.


Tell us what you think