Important announcements from CouchCMS team
7 posts Page 1 of 1
Hi everybody,

Last month certain vulnerabilities were discovered in (the then current) version 1.4.5 by curesec.com.

Credit goes to Mr. Tim Coen for making a responsible disclosure and granting us time to patch the vulnerabilities and intimate our users before making a full public disclosure.

The vulnerabilities were patched within a day and the updated version 1.4.7 was released a few days later (24th of Nov. to be exact) after the patches were validated by curesec.com.
All our existing forum users and license holders were intimated of the issue by personal emails and asked to upgrade to v1.4.7.

The release of the security version was, however, not publicly announced at the time, pending the public disclosure of the vulnerabilities by curesec.com scheduled for sometime in the second half of December.

That public disclosure has now been made so we now announce that the latest version of Couch available for download from our products page is 1.4.7.

For those who missed the vulnerability report - if you are running *any* previous version of Couch, please upgrade to the latest 1.4.7 version.

If, for some reason, you are unwilling or unable to do a full upgrade, I'm attaching a zip that contains 'hot fixes' for most of the previous versions of Couch. These contain only the modified files (two in number) that need to be replaced in your existing installation to secure them.

Please do be careful to use the files corresponding to the exact version of your installation. Usually, if the admin-panel has not been white-labelled, the version is reported in the admin-panel's footer. If you are unsure of the version, please open 'couch/header.php' in your editor and locate the following line close to the top of the file that shows the version of the installation -
define( 'K_COUCH_VERSION', '1.4.5' ); // Changes with every release

Please note: Application of the hot-fix will not upgrade your existing Couch installation to v1.4.7. It will only patch the vulnerabilities.

Finally, please allow me to take this opportunity to thank everybody for their understanding and cooperation while dealing with this issue.
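
The version check described in the post above, as an added example that is not part of the original thread and is not CouchCMS code: it walks a web root, reads K_COUCH_VERSION from each couch/header.php and flags installs older than 1.4.7. The function names, status labels and the siteA/siteB sample installs are constructed for illustration.

```python
import os
import re
import tempfile

FIXED = (1, 4, 7)  # first release carrying the patches, per the announcement
# Matches the define line quoted in the post (spacing may vary).
DEFINE_RE = re.compile(r"define\(\s*'K_COUCH_VERSION'\s*,\s*'([0-9]+(?:\.[0-9]+)*)'\s*\)")

def read_couch_version(header_path):
    """Return the K_COUCH_VERSION string from a couch/header.php, or None."""
    with open(header_path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            if line.lstrip().startswith(("//", "#", "*")):
                continue  # ignore commented-out defines
            m = DEFINE_RE.search(line)
            if m:
                return m.group(1)
    return None

def audit(web_root):
    """Map each Couch install directory under web_root to (version, status)."""
    report = {}
    for dirpath, _dirs, files in os.walk(web_root):
        if os.path.basename(dirpath) != "couch" or "header.php" not in files:
            continue
        version = read_couch_version(os.path.join(dirpath, "header.php"))
        if version is None:
            status = "unknown"
        elif tuple(int(p) for p in version.split(".")) >= FIXED:
            status = "ok"
        else:
            # A hot-fixed install may still report its old version: verify by hand.
            status = "upgrade-or-hotfix"
        report[os.path.dirname(dirpath)] = (version, status)
    return report

def demo():
    """Build two constructed installs in a temp dir and audit them."""
    with tempfile.TemporaryDirectory() as root:
        for site, ver in (("siteA", "1.4.5"), ("siteB", "1.4.7")):
            os.makedirs(os.path.join(root, site, "couch"))
            with open(os.path.join(root, site, "couch", "header.php"), "w") as fh:
                fh.write("<?php\n    define( 'K_COUCH_VERSION', '%s' ); // Changes with every release\n" % ver)
        return {os.path.basename(k): v for k, v in audit(root).items()}

if __name__ == "__main__":
    for site, (ver, status) in sorted(demo().items()):
        print(site, ver, status)
```

Because applying the hot-fix does not upgrade the installation to v1.4.7, a result of "upgrade-or-hotfix" means the install needs checking, not that it is necessarily unpatched.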


Done!

Thx KK ;)
As soon as possible!

Touch me up : abada[dot]zulma[at]gmail[dot]com
Are there any other changes in this release? What happened to 1.4.6? :)
Are there any other changes in this release?
No other changes except the patches for the vulnerabilities.
Patch applied. Thank you!
KK wrote:
Are there any other changes in this release?
No other changes except the patches for the vulnerabilities.



And the removal of the automatic insertion of 'Powered by CouchCMS' in the footer. For some reason this is being hush-hushed.

TOF.
And the removal of the automatic insertion of 'Powered by CouchCMS' in the footer. For some reason this is being hush-hushed.

viewtopic.php?p=22430#p22430
Hope that removes the perceived 'hush-hush' :)