Archive for June 2005
We have released Nucleus v3.21. This is a maintenance release which fixes a recently discovered security issue in the PHP XML-RPC library that is used by Nucleus. While there are no new features in this release, upgrading is highly recommended.
- Upgrade to Nucleus CMS v3.21
- Download Nucleus CMS v3.21
- Try the Nucleus CMS v3.21 demo
- Nucleus support forum
You might have come across the security bulletin already, but there's quite a serious security issue in the PHP XML-RPC Library that is used by Nucleus and a bunch of other projects. Untill we have a new package available for download with the updated library, here is how to disable XML-RPC support on Nucleus:
- Delete the
/nucleus/xmlrpc/directory on your server. This will remove the XML-RPC server from Nucleus. As a result, nobody will be able to connect to Nucleus using external tools (wbloggar to name just one) anymore.
- In the
xmlrpcs.inc.phpby empty files. These are the actual libraries. Though this step is optional, you should do this just to be sure. Do keep in mind that after this, pinging weblogs.com won't work anymore.
After these steps have been completed, the XML-RPC library is fully removed and your Nucleus installation is safe again. We're wrapping up a release with a fixed version of the library, which should be avaliable as soon as possible.