habari

spread the news

ha·bar·i - noun
Definition — Swahili greeting: What's the news?


Habari 0.6.6 Security and Bugfix Release

The Habari Project was notified yesterday of three potential security vulnerabilities that had been discovered by the High-Tech Bridge security company. Included were a low-risk path disclosure vulnerability (HTB22732) and two potential medium-risk XSS flaws (HTB22731 and HTB22733).

While the potential of compromise is low, and we are unaware of any instances of these exploits being used in the wild, we are happy to announce that all three exploits are fixed in our new…

Habari 0.6.5 Security Release

A very minor security-related issue was discovered this week that allowed an attacker to reset the password of any user_id he was able to guess, triggering a reset email to the affected user. While we're unaware of any instances of this occurring in the wild and at no time was the attacker able to obtain the user's password, we've made a simple fix and packaged up the 0.6.5 release.

All users of the 0.6.4 release are…

Habari 0.6.4 Released

We're excited today to release Habari 0.6.4! This is an update to our 0.6.3 release. The primary changes enhance security and work around changes made to PHP.

Full release notes are available on our wiki here: Release 0.6.4

All users are encouraged to back up their database and upgrade to this latest release. It can be downloaded from here.

Sincere thanks to everyone who has contributed time and energy into continuing to make Habari the success…

Potential Security Issue With The AutoSave Plugin

A potential security issue has been discovered with the AutoSave plugin in the habari-extras repository. If exploited, the cracker could potentially add new posts to your blog without being an authenticated user. The updated plugin, version 0.1.2, adds a check to make sure the user is authenticated. The development version of the plugin, "trunk", for the upcoming Habari 0.7 has been rendered inoperable since it does not account for the new ACL system; …

Habari 0.6.3 Released

We're excited today to release Habari 0.6.3! This is an update to our 0.6.2 release, and enables users of particular (newly popular) versions of PHP to install and use Habari. Also included are some permission-related security fixes.

All users are encouraged to back up their database and upgrade to this latest release. It can be downloaded from here.

Sincere thanks to everyone who has contributed time and energy into continuing to make Habari the success …