Written by eaxs Comment on this post
30 June 2009

projectfork-stableThis is a pure security release and probably the last patch for the Projectfork 2.0.x series. Everyone should make sure to update to this version as soon as possible.

There was a simple exploit which allowed viewing and editing of other projects tasks and eventually critical information. However, this was only possible under certain curcumstances.

Before you update, please make sure you uninstall any mods that change the following files, or you will be unable to view or edit items in Projectfork:

  • administrator/components/com_projectfork/_core/lib/protector.php
  • administrator/components/com_projectfork/_core/lib/template.php

The community builder and JomSocial integration are also affected by this patch and a new version is already available.

Now, to clarify how you have to proceed step-by-step:

  • Uninstall your mods that are affected (eg. CB integration/JS integration)
  • Patch to the latest PF version
  • Install the new version of the mods you were using
[Download full version] [Download update]
Last modified on Tuesday, 19 January 2010 18:02
Published in Projectfork Team
Social sharing
eaxs

eaxs

Tobias Kuhn

Projectfork Founder and Lead Programmer

Follow me on Twitter

More in this category: « Let the Projectfork 2.1 beta phase commence! We're almost there! »
back to top