|
Message-ID: <20120125150114.GB4413@foo.fgeek.fi> Date: Wed, 25 Jan 2012 17:01:14 +0200 From: Henri Salo <henri@...v.fi> To: oss-security@...ts.openwall.com Subject: Re: Fwd Joomla! Security News 2012-01 On Wed, Jan 25, 2012 at 04:17:47PM +0200, Henri Salo wrote: > Does someone know if these already have CVE-identifiers? Joomla just released this advisory. This is why I don't like Joomla. They jumped from 1.7 to 2.5.0 and support for 1.7.x is following: "Please note that version 1.7 will reach end of life on 24 February 2012." EOL for 1.7.x means also 1.6.x, which both are still heavily uesd. http://www.joomla.org/download.html http://www.joomla.org/announcements/release-news/5403-joomla-250-released.html Joomla is part of oCERT "The oCERT team is a volunteer-based force of well-known security professionals from major Open Source projects, vendors and the security community." Basicly the end of support for 1.7.x and 1.6.x means that if you go to support-forum and ask something you will be asked for your software version number and if it isn't 2.5.0 they will tell you to upgrade, before you will get more help. - Henri Salo
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.