HTML Logo by World Wide Web Consortium (www.w3.org). Click to learn more about our commitment to accessibility and standards.

Moving forward with Composr

ocPortal has been relaunched as Composr CMS, which is now in beta. ocPortal 9 will be superseded by Composr 10.

Head over to compo.sr for our new site, and to our migration roadmap. Existing ocPortal member accounts have been mirrored.


Minor security hole discovered

Minor security hole discovered A security hole has been found in ocPortal that allows the 'recommend site' module to be used to relay spam via the ocPortal website it is installed on.

We found this security hole as it was exploited on our own website and we were able to trace the problem. ocProducts is not the originator of the spam sent through our servers, but we apologise upfront for this problem.

To fix this problem:
  • choose an appropriate attached file for your PHP version
  • extract the included mail.php file
  • upload the file to the sources/ directory of your website

Attachment
» Download: 2.6.x.zip (4 Kb, 1382 downloads so far)


Attachment
» Download: 3.0.x.zip (4 Kb, 1177 downloads so far)


A new patch release of ocPortal 3 will be released soon, but new users need not worry because we have re-released the latest version with this patch included.

ocPortal version 2.6.4 has been released (quick installer, manual installer), which has fixed this problem along with a number of other bugs that have been found since version 3 was released. This is the last release of the 2.6.x family and these versions are now officially at their end-of-life. Upgrading to version 3 is strongly recommended.

View all

Trackbacks

There have been no trackbacks yet