Date: Wed, 25 Jan 2012 17:01:14 +0200 From: Henri Salo <henri@...v.fi> To: oss-security@...ts.openwall.com Subject: Re: Fwd Joomla! Security News 2012-01 On Wed, Jan 25, 2012 at 04:17:47PM +0200, Henri Salo wrote: > Does someone know if these already have CVE-identifiers? Joomla just released this advisory. This is why I don't like Joomla. They jumped from 1.7 to 2.5.0 and support for 1.7.x is following: "Please note that version 1.7 will reach end of life on 24 February 2012." EOL for 1.7.x means also 1.6.x, which both are still heavily uesd. http://www.joomla.org/download.html http://www.joomla.org/announcements/release-news/5403-joomla-250-released.html Joomla is part of oCERT "The oCERT team is a volunteer-based force of well-known security professionals from major Open Source projects, vendors and the security community." Basicly the end of support for 1.7.x and 1.6.x means that if you go to support-forum and ask something you will be asked for your software version number and if it isn't 2.5.0 they will tell you to upgrade, before you will get more help. - Henri Salo
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ