HTML Logo by World Wide Web Consortium ( Click to learn more about our commitment to accessibility and standards.

Moving forward with Composr

ocPortal has been relaunched as Composr CMS. ocPortal 9 is superseded by Composr 10.

Head over to for our new site, and to our migration roadmap. Existing ocPortal member accounts have been mirrored.

Response to published ocPortal "exploits" [updated]

Response to published ocPortal "exploits" [updated] Last night Twitter buzzed up with a set of "exploits" for ocPortal, published without fore-notice by an Iranian student hacker.

The "exploits" all target the ocPortal installer, which ocPortal actually will not allow you to leave enabled after you've installed your site – for security reasons. On further review we have not been able to reproduce any of the listed exploits, or find any serious problem during code analysis.

The only issue we were able to find was the ability for a hacker read any file named licence.txt out of a directory of their choice, if you left the installer in place prior to finishing the installation of your website. This issue will be resolved in the next release.

View all


There have been no trackbacks yet