Vanilla 1.1.5a Released
http://lussumo.com/download.php?Get=Vanilla
有一些安全更新,还算比较重要,详见:
Security fixes
Fixed XSS vulnerability in member’s Personal Information form. Thanks to James Bercegay from Gulftech Security Research.
Fixed XSS vulnerability on registration form, thanks to James Bercegay for this one as well.
Now regenerating the remember-me cookie when a user changing password.
Fixed CSRF vulnerability in ajax/UpdateCheck.php.
Fixed CSRF vulnerability with the sign-out page. Thanks to ggaudrea.
Strengthened users’ password storage. Thanks to squirrel for reporting the issue and helping fixing it.
http://lussumo.com/docs/doku.php?id=vanilla:releasenotes
标签:opensource