Our users informed us about a possible security threat present in all Oxwall versions, including 1.4. We eliminated it and rolled out this unplanned security release. It contains:
- User Role management security fix;
- Prevention of possible XSS attacks in profile questions.
Please update to Oxwall 1.4.1 as soon as it’s available for automatic update in your admin area.
Where is it in the admin area? I can’t find it.
Thanks!
It will be there within 24 hours.
Nice, hope to get this soon 🙂
Anyone got the update already? I still didn’t get the link, and I’m not sure whether it’s due to a problem in my configuration.
Where is it in the admin area? I can’t find it.
THANK YOU!!! I’ve been getting tons of fake accounts daily!!! This has been needed for a month now. I had to disable registration because of this security thing.
I had to do the same thing!!!!
Erm, no update has appeared for me on the admin dashboard?
Guys, check now, do you see it?
Yes, it has now 🙂 Thank you
Yup, it took a while but eventually it appeared on Oct 12, thanks!
The talk about fake registrations, it didn’t change anything about that for me either, just got a bunch of new ones today.
This update just appeared for me, installed fine. But I am not sure exactly what it changed; I was not aware of any security problems?
Er, I’m still getting fake accounts signing up to my site? This hasn’t fixed it?
Fake account registration is not a security problem, but rather SPAM. We are aware that there are bots working to create fake accounts on various Oxwall-powered websites.
You need to install an antispam plugin and/or turn on mandatory user approve mode to manually let people in.
Not nice, I have a 404 error when I’m trying to install this release from the archive. Also I can’t see any actual documentation inside of the package & I really don’t want to search for bugs in code… not funny heh…
Please report it on the forum: http://www.oxwall.org/forum
thank you
Hello, I cannot find it in my admin area.
This was nice, but there are still a ton of security flaws. In a few older versions you introduced the system that said the admin (first member / super admin) could not be deleted. This is true via the Admin panel, but not the admin’s profile. There is still a delete button on my profile and I’m the super administrator. What if one got our pass? They could easily delete us, and there could be NO way of accessing our Admin panel again!
Plus, members need more verification with CAPTCHAS. Every so often, when they go to post a link, make a group, or send a message, we should make them occasionally insert a CAPTCHA to validate; they can then permanently remove CAPTCHAS when they verify their profile through Text Message or Email code resend.
I manually installed the update without noticing any difference from the previous version, plus users can no longer update status or make any comments…
Please report this on the forum.
Automatic update still not available in the admin area…!!!!
Should be there, please report the issue on the forum.
If the auto update options aren’t appearing in your admin dashboard you might want to check your cron setup.
I goofed when setting mine up the first time (basically a 3am typo), and right after I fixed it, bam… there it was.
Don’t know if this is the case for everybody but it sure seemed to be the root of my troubles.
My website went down when I activated the antispam. I don’t know what to do, it’s not responding. Please help me 🙁