Hi all,

Thanks to Sapan (doctors.meramd.com) for pointing out a security vulnerability in CommunityEngine which could have allowed unauthorized users access to the administrative account. The 'master' branch has been updated with the relevant fix, so to get the fix, you should update your CE plugin to the latest version of master.

I recommend all production installations of CE be upgraded immediately. If you don't want to upgrade your whole CE plugin for compatibility reasons (for example, you're still on an older version of Rails, while master is using Rails 2.2.2), you can apply just the relevant commits using 'git cherry-pick':

    git cherry-pick ec3ddd8ec9b254fe09f971a47bcd91716cb78920
    git cherry-pick 338205d797c3e0eef26327270c1d31734e5753cd

Thanks, I'll be watching the list for questions or problems regarding this bug.

Bruno
