Archive for June 2005

Nucleus v3.21 Released

We have released Nucleus v3.21. This is a maintenance release which fixes a recently discovered security issue in the PHP XML-RPC library that is used by Nucleus. While there are no new features in this release, upgrading is highly recommended.

June 30, 2005 - Permalink

Security issue in XML-RPC library

You might have come across the security bulletin already, but there's quite a serious security issue in the PHP XML-RPC Library that is used by Nucleus and a bunch of other projects. Untill we have a new package available for download with the updated library, here is how to disable XML-RPC support on Nucleus:

  1. Delete the /nucleus/xmlrpc/ directory on your server. This will remove the XML-RPC server from Nucleus. As a result, nobody will be able to connect to Nucleus using external tools (wbloggar to name just one) anymore.
  2. In the /nucleus/libs/ directory, replace xmlrpc.inc.php and xmlrpcs.inc.php by empty files. These are the actual libraries. Though this step is optional, you should do this just to be sure. Do keep in mind that after this, pinging weblogs.com won't work anymore.

After these steps have been completed, the XML-RPC library is fully removed and your Nucleus installation is safe again. We're wrapping up a release with a fixed version of the library, which should be avaliable as soon as possible.

June 30, 2005 - Permalink