JomSocial Security Update
Yesterday we released version 18.104.22.168, which fixes two vulnerabilities.
As a result of the first vulnerability, our own site was hacked. Thankfully, our security experts spotted the attack very quickly and our developers raced out a patch. Information on how to exploit this vulnerability is easy for hackers to find, so you should upgrade right away to protect your site.
While we were blocking that attack, we also spotted another vulnerability: the opportunity to exploit the CStringHelper::escape function to execute the eval method. With this new fix, hackers will no longer be able to execute the eval function. It’s all a bit technical, but the point is: it’s fixed and we were able to prevent a potential problem.
All JomSocial site admins are encouraged to upgrade to this version as soon as possible.
You can download this latest version on our "My Licenses" page.
Free Patches For Everybody!
It’s important to us that your site is secure, so even if you don’t have an active license, we still want you to be safe. We’ve created a patch for you that you can download free now.
You can download a FREE patch for all previous versions here:
How to update: extract both folders, "controllers" and "helpers", via FTP to components > com_community and replace all files.
What Else is New?
We are putting the final touches on JomSocial 3.2 which will have a brand new and amazing stream! Stay tuned for more information about that soon.