Change font size Change Width
Advanced Search
 

Joomla! Discussion Forums



It is currently Thu Nov 26, 2009 11:43 pm (All times are UTC )

 

Board index » Joomla! 1.5 - Ask Support Questions Here » Security

Forum rules

Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.



Post new topic Reply to topic  Page 1 of 1
  [ 3 posts ] 
  Print view Previous topic | Next topic 
Author Message
dynamicnet
Posted: Thu Nov 05, 2009 2:23 pm 
Joomla! Explorer
Joomla! Explorer
Offline

Joined: Wed Aug 05, 2009 1:42 pm
Posts: 488
Greetings:

What security issue does Joomla 1.5.15 address?

Answer, "It is possible to read the contents of an extension's XML file and find the version number of the installed extension. This could allow people to exploit a known security flaws for a specific version of an extension."

Critical note: "Turn on Apache mod_rewrite and configure your .htaccess file to filter out XML files. In the htaccess.txt file shipped with version 1.5.15, lines 35-39 contain example code that will deny access to XML files. You can incorporate this code (or similar code) into your .htaccess file. Be sure to test that it does not cause problems on your site."

On this issue, add the following code to your .thaccess file:

Code:
## Deny access to extension xml files (uncomment out to activate)
<Files ~ "\.xml$">
Order allow,deny
Deny from all
Satisfy all
</Files>


OTHER:

The link on http://www.joomla.org/download.html to the upgrade files is incorrect (as of 9:20 AM EST today, 11-05-2009). The correct link is http://joomlacode.org/gf/project/joomla ... ge_id=4734

Thank you.

_________________
Peter M. Abraham
http://www.dynamicnet.net/ - Dynamic Net, Inc. - in business since June 1995; a PCI Compliant, managed hosting provider.

Top
  E-mail  
 
iikozen
Posted: Tue Nov 10, 2009 12:23 am 
Joomla! Apprentice
Joomla! Apprentice
Offline

Joined: Fri Jul 20, 2007 11:20 am
Posts: 10
Location: Brazil
dynamicnet wrote:
OTHER:

The correct link is http://joomlacode.org/gf/project/joomla ... ge_id=4734

Thank you.


The above link shows packages to the 1.5.14 version.
???
Top
   
 
dynamicnet
Posted: Tue Nov 10, 2009 1:25 pm 
Joomla! Explorer
Joomla! Explorer
Offline

Joined: Wed Aug 05, 2009 1:42 pm
Posts: 488
Greetings:

Thank you for catching my mistake.

http://joomlacode.org/gf/project/joomla ... ge_id=4947

Thank you.

_________________
Peter M. Abraham
http://www.dynamicnet.net/ - Dynamic Net, Inc. - in business since June 1995; a PCI Compliant, managed hosting provider.

Top
  E-mail  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  Page 1 of 1
  [ 3 posts ] 

Quick reply

 


Board index » Joomla! 1.5 - Ask Support Questions Here » Security

Who is online

Users browsing this forum: fw116 and 18 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
 
 
 
 
 

© 2005-2009 Open Source Matters, Inc. All rights reserved. Joomla hosting by Rochen Ltd.