The Habari Project was notified yesterday of three potential security vulnerabilities that had been discovered by the High-Tech Bridge security company. Included were a low-risk path disclosure vulnerability (HTB22732) and two potential medium-risk XSS flaws (HTB22731 and HTB22733).
While the potential for compromise is low, and we are unaware of any instances of these exploits being used in the wild, we are happy to announce that all three exploits are fixed in our new…
A very minor security-related issue was discovered this week that allowed an attacker to reset the password of any user_id he was able to guess, triggering a reset email to the affected user. While we're unaware of any instances of this occurring in the wild and at no time was the attacker able to obtain the user's password, we've made a simple fix and packaged up the 0.6.5 release.
All users of the 0.6.4 release are…
Executive Summary: New release. Get.
And the longer version. We're really happy to announce our 0.6 release, which brings in the Access Control List (ACL)-based permissions system we've been working so hard on, along with oh, about 1100 bug fixes and other improvements. See the release notes for details.
With the addition of the extensible ACL system, Habari is now ideal for creating a variety of websites. Whether a single blog or a corporate publishing hub,…