Pessoal favor atualizarem seu CB's pois é criticidade alta.
Deve ser grave mesmo... <!-- s:evil: --><img src="{SMILIES_PATH}/icon_evil.gif" alt=":evil:" title="Mal ou Muito Furioso" /><!-- s:evil: -->
Greetings to all!
You are receiving this email as you have subscribed to receive security announcements.
This is an important and urgent security advisory from CB Team: Upgrade all your Community Builder 1.0 and 1.1 installations to CB 1.2.1 as soon as possible.
We have received yesterday a private report from a Joomlapolitan about a critical vulnerability of CB 1.1, that we could now reproduce and confirm.
Community Builder 1.2 and 1.2.1 (as well as all CB 1.2 RC releases) are safe to our knowledge and NOT affected, as the corresponding CB 1.0/1.1 code has been entirely rewritten for CB 1.2.
CB 1.1 vulnerability is critical, highest level.
Our researches indicate that no exploit for this vulnerability is public, and that this vulnerability is not yet published on the Internet, but we might be wrong or it can happen anytime. So please, please, *urgently* upgrade now all your sites and forward this message to people using old CB releases! Thank you!
CB 1.1 has been released almost 2 years ago on August 9th 2007, without any discovered exploitable vulnerabilities and exploits during almost 2 years up to yesterday.
CB 1.2 stable has been released 27 January 2009, almost 6 months ago now, introduces many new levels of security, and is a very smooth upgrade to CB 1.1 and earlier (there is a README_UPGRADE.txt file in package), CB 1.2.1, released less than a month ago, fixes all reported issues of CB 1.2, so is really stable. CB development continues full steam ahead with an expanded team.
You can download CB 1.2.1 now by clicking this link and logging in on joomlapolis, then click the "download" button.
