security update version 2.10.9

29 January 2009

We've released version 2.10.9 that fixes a local file include vulnerability.This vulnerability allows attackers to display the contents of files on the server, which can aid them to gain unauthorised access.

Everyone using any version up to this one is advised to upgrade as soon as possible. Any clients hosted by Tincan have already been patched or upgraded.



If you don't want to upgrade now, you can fix the vulnerability quickly by adding the following line to the top of the index file in the admin directory:


  if (isset($_REQUEST['_SERVER'])) { exit; }


This will at least stop your installation from being vulnerable to this attack.