If you have a blog and allow open registration, then you definitely need to upgrade to this version!

There’s a security hole in the actual version of Wordpress which allows an attacker to randomly change passwords of other registered users (done by crafting an username). The passwords won’t be revealed to the attacker himself, but it is annoying for users to have their passwords changed suddenly. This attack, coupled with a weakness in the random number seeding in mt_rand(), could be used to predict the randomly-generated password (which is not something you want).

Stefan Esser brought the attack to the attention of the Wordpress team, which also helped them fix another problem (SQL Column truncation danger  and weakness of mt_rand() ).

The new version of Wordpress also has a handful of bug fixes (checkout the forum). See the full changeset and list of changed files.

To keep up with Wordpress development, checkout their blog.

©2010 MyTestBox.com :: web software reviews, news, tips and tricks. All Rights Reserved.

BoonEx  (the australian company behind Dolphin Smart Community Builder and other software) release a security patch for its dating and social network software.
This fixes the XSS (Cross Site Scripting) vulnerability found the last week (Orca version allows inserting malicious code into a new topic title).

It is an easy patch to apply so you should do it immediately!Here are the steps to be followed:
* Backup the Orca and groups/orca folders (a regular backup never hurts anyway!)
* Get the patch named Dolphin 6.1 Patch 4. This is compatible with any Dolphin package: SmartPro, AdFree, Free
* Unzip the archive and upload its content to the folder where you have Dolphin installed (overwriting the files with the same names)

Example: Open the “orca” directory on your server, and at the same time open the “orca” directory in the extracted patch on your PC. Upload all files contained in the “orca” directory of the patch to your server’s “orca” directory overwriting those with the same names.

* Edit the build number in the inc/header.inc.php file, replacing $site['build'] = ‘3′; with $site['build'] = ‘4′;
* Go and login to the admin panel and recompile Orca languages as described there.

After all these steps you should have Dolphin 6.1.4 patch successfully installed.

The company can be contacted for support, if you need to at, support@boonex.com (you can also login to their Forums and ask questions  or see the Answers questions)

About Dolphin community builder
Dolphin Smart Community Builder is a free, open source software that allows you to build any kind of online community. Social networks, dating sites, content sharing portals…all these can be created very easily and deployed in an instant. You can have Myspace, Youtube, Flickr, Facebook and Match combined in one package.
With a huge variety of features & options, you can quickly develop your very unique and successful website. Checkout the full features here!

It is written in PHP/MySQL so it runs well on Unix/Linux but also it can run on Windows (but you have to use Apache for Windows, not IIS web server).

See a demo of their product here: http://www.boonex.us/ (a demo of their admin section is here)

Download Dolphin smart community builder here!  (the free version, you can also order a paid version which will be ad free).

©2010 MyTestBox.com :: web software reviews, news, tips and tricks. All Rights Reserved.