Releases
Dec 24, 2007 at 11:11 PM

Team Mambo announces the release of Mambo 4.6.3!

Code name "Dylan", this minor version release features a number of security improvements and bug fixes.

These include:

  • Stability & security improvements
  • Performance improvements
  • A number of bug fixes
  • Improved compatibility with 3rd party extensions
  • Updates to some core extensions

What's New in 4.6.3...

Security Fixes:

*php mailer security fix.
*template chooser security fixes
*XSS fixes in administrator backed
*sample configuration file renamed to configuration.sample.php

Bug Fixes:

*fixed banner manager custom-code bugs
*fixed mambo admin template install problem
*fixed special vs. registered users menu access related problems
*fixed login component redirection
*fixed line breaks in emails in Mambo
*fixed missing links in pathway
*fixed problems with module ordering affecting menus
*fixed an xml parser problem in the installer
*fixed section module problems related to Itemid.
*fixed content editing resulting in overriding the article creator
*fixed incorrect escaping of weblinks' titles, description

Enhancements:

*mostlyce upgraded to 2.4
*mostlydbadmin upgraded to 1.5
*geshi upgraded to 1.0.7.20
*enhanced editor initializing
*enhanced weblinks component, so the target param is not confusing anymore
*updated the sample data so Mambo links will be up-to-date with the recent Mambo sites changes
*Some XHTML compliance work
*added option to block the blocked users in the mass email
*added mosshowhead and some helper classes to select/exclude head tags
*added module buffering
*added the ability to delete superadmins
*added search feature in language manager
*added onAfterStart mambot trigger
*compressed js and css files for improved performance

Mambo 4.6.3, including upgrade files, can be found on the Mambo Code forge here: http://mambo-code.org/gf/project/mambo/frs/

Because Mambo 4.6.3 is a security and maintenance release we advise everyone using Mambo 4.6 - 4.6.2 to upgrade. If you are not running Mambo 4.6.2 then you should patch up to this version prior to applying this new patch. Upgrade instructions are provided in the patch download - please read the instructions!

Note about Mambo Security.

Each of the security fixes relates to vulnerabilities that have the potential for exploit. There have been no known cases of them actually being exploited and most relate to backend/administrator security weaknesses that would first require someone to be logged into the backend.

A Secunia advisory reported a "proof of concept" regarding two potential security flaws in 4.6.2 (http://secunia.com/advisories/28133/). Only one of the reported flaws had any potential to insert code and even then, the code could not be executed. The result of extensive testing showed that where a user was using an unpatched version of IE6 it was possible to enter raw text into one form in Mambo 4.6.2. While this would not compromise a site because the script could not actually run, the vulnerabilities in IE6 could result in a small amount of unwanted text appearing below a form.

While this flaw was really a browser flaw (that has been fixed in recent updates to IE6) we blocked the hole that allowed unauthorised text to be inserted.

The Secunia advisory does not relate to Mambo 4.5.5.

While the 4.6.2 security vulnerabilities are low level, we prefer everyone to be running sites that have a high level of protection and the bug fixes, feature and performance improvements make this a very worthwhile upgrade.
<Previous   Next>
Sat March 13 2010, 15:32 UTC

Menu

Submit Your Mambo News

If you have some Mambo news that you would like to share with the community, please submit your short story, article, announcement or review here.

Stay Informed

Follow Mambo on Twitter. This is the official (and only) Twitter account for Mambo.

 

Get Help

Mambo Manual

Our user manual and developer guide. Jump inside and find out how Mambo works for you.

Mambo Forums

The place to help and be helped.

Mambo Support

Knowledgebase chock full of tips, tricks, how-to's and best practise to help you get the most out of using Mambo.

Mambo Services

Can't do it alone? You don't need to! We have a growing list of Mambo professionals who will be happy to help you out.

Read more...

What is Mambo?

Mambo is a full-featured, award-winning content management system that can be used for everything from simple websites to complex corporate applications. It is used all over the world to power government portals, corporate intranets and extranets, ecommerce sites, nonprofit outreach, schools, church, and community sites. Mambo's "power in simplicity" also makes it the CMS of choice for many small businesses and personal sites.

Mambo is one of the most powerful Open Source Content Management Systems on the planet and with almost 8 million downloads, Mambo is arguably one of the most popular CMS's in the world. Mambo is easy to install, simple to manage, and reliable.

Read more...

About this site

The mambo-news.org site has been built with the world's most popular CMS - Mambo!

This is a basic install of Mambo Lite 4.6.5.

The site uses the following 3rd party extensions:

Thick-RSS module from Horst Lindlbauer;

Featured Item module from David Thomas;

Digg module from Justin Cook;

Run Digital RSS from Robert Deutz.

Read more...