We're excited today to release Habari 0.6.4! This is an update to our 0.6.3 release. The primary changes enhance security and work around changes made to PHP.
Full release notes are available on our wiki here: Release 0.6.4
All users are encouraged to back up their database and upgrade to this latest release. It can be downloaded from here.
Sincere thanks to everyone who has contributed time and energy into continuing to make ...
A potential security issue has been discovered with the AutoSave plugin in the habari-extras repository. If exploited, it could allow a cracker to add new posts to your blog without being an authenticated user. The updated plugin, version 0.1.2, adds a check to make sure the user is authenticated. The development version of the plugin, "trunk", for the upcoming Habari 0.7 has been rendered inoperable since it does not account for the new ACL ...
We're excited today to release Habari 0.6.3! This is an update to our 0.6.2 release, and enables users of particular (newly popular) versions of PHP to install and use Habari. Also included are some permission-related security fixes.
All users are encouraged to back up their database and upgrade to this latest release. It can be downloaded from here.
Sincere thanks to everyone who has contributed time and energy into continuing to make Habari ...
Today we are pleased to release Habari 0.6.2, the latest update to our 0.6 release. This is a modest update which fixes two potential security vulnerabilities. All users are encouraged to update.
Special thanks go to Sebastian Bergmann for identifying the vulnerability with the installation process, and our own Geoffrey Snedders for identifying and fixing a cross-site request forgery! See the 0.6.2 release notes for full details of the fixes.
The Habari ...
The Habari Community announces the release of version 0.5.2. This version is a critical security update; all users of any version prior to 0.5.2 should upgrade at once. Additionally, users of HEAD should update to the latest revision.
This update addresses security issues reported at secunia.com, related to unsanitized user input via the URL enabling a "less critical" XSS vulnerability. Using this vulnerability, malicious users could craft an external link that when ...