As some of you may know, there has been a series of attacks aimed at a Symphony 1.x security vulnerability. Although this same attack cannot be duplicated in Symphony 2 beta specifically, I feel it important to release a security patch that fixes a couple of potentially exploitable areas in Rev5. It is advised that anyone with a Rev5 installation apply this patch immediately.

Symphony 1.7 patch announcement

Installation

  • Place class.symphony.php, found in this archive, in /symphony/lib/core of your Symphony Revision 5 installation.

Do we have to change anything in the config.php file in a similar fashion to the v1.x fix?

Nope. The config changes for the 1.7 fix were specifically related to the file manager, which doesn't exist in s2 yet.

Perfect. Thanks guys.

Just to confirm, is the revised file in the current 2rev5 download package in the account center?

Correct. Both 1.7 and 2.0 Revision 5 have been patched.

It is vitally important that everyone patches their Symphony 2 installations. Secunia issued a security advisory a couple of days ago, check it out here, regarding the Symphony 1.x exploit. It means Symphony is probably going to get some attention from those with malicious intent (e.g. hackers), and no doubt now that 1.7 has been patched, their eyes will fall on trying to exploit Symphony 2.

Thanks for staying on top of this, Alistair.
