This is an important and urgent security advisory from CB Team: Upgrade all your Community Builder 1.0 and 1.1 installations to CB 1.2.1 as soon as possible.

They received a private report yesterday from a Joomlapolitan about a critical vulnerability in CB 1.1, which they have now been able to reproduce and confirm.

Community Builder 1.2 and 1.2.1 (as well as all CB 1.2 RC releases) are safe to our knowledge and NOT affected, as the corresponding CB 1.0/1.1 code has been entirely rewritten for CB 1.2.

The CB 1.1 vulnerability is critical, the highest level.

Their research indicates that no exploit for this vulnerability is public, and that this vulnerability is not yet published on the Internet, but we might be wrong or it can happen anytime. So please, please, *urgently* upgrade all your sites now and forward this message to people using old CB releases! Thank you!

CB 1.1 was released almost 2 years ago, on August 9th 2007, and no exploitable vulnerabilities or exploits were discovered in it during those almost 2 years, up to yesterday.

CB 1.2 stable was released on 27 January 2009, almost 6 months ago now. It introduces many new levels of security and is a very smooth upgrade from CB 1.1 and earlier (there is a README_UPGRADE.txt file in the package). CB 1.2.1, released less than a month ago, fixes all reported issues of CB 1.2, so it is really stable. CB development continues full steam ahead with an expanded team.

You can download CB 1.2.1 now by clicking this link and logging in on joomlapolis, then click the "download" button.

Written on Wednesday, 17 June 2009 00:46 by Kristoffer Sandven, JoomlaBlogger
