Orchard CMS 1.6.1 security patch available

A quote from the website:

A non-persistent XSS vulnerability has been discovered in the Orchard.Comments module that is distributed with the core distribution of the CMS. The module could in some circumstances let an external website render custom scripts on an Orchard website. This vulnerability might ultimately be used to gather your credentials if you further authenticate on the targeted Orchard website.

All released versions of Orchard are vulnerable and need to be patched immediately.

We are releasing today (April 30, 2013) a new version 1.6.1 of Orchard 1.6 that has the patch in place. This new version is replacing the previously available download. If you are downloading Orchard 1.6.1 today, you do not need to take any additional steps. The latest 1.x development branch is already patched as well. We are also releasing patch files for each version of Orchard from 1.0 to 1.6 that can be applied to existing web sites.

Great to see that security risks are getting patched immediately !

More information and download links at:

More information about Orchard CMS:

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s