maverick

Version 2.30 Released (security patch)
« on: March 19, 2016, 07:46:28 PM »
Etano version 2.30 is strictly a security patch upgrade. To keep this upgrade on point and uncomplicated, there are no other features or modifications applied in this version upgrade.

Version 2.30 is now available and can be downloaded from the Etano Project Repository at Google Drive:
https://drive.google.com/folderview?id=0B5GPLc5dytbhUHltaG12cHEzMDA&usp=sharing#list

Those running Etano version 2.0 and up can manually apply the security patch by downloading the etano-security-patch.zip file from the Etano Project Repository at Google Drive:
https://drive.google.com/folderview?id=0B5GPLc5dytbhUHltaG12cHEzMDA&usp=sharing#list

Manually applying the security patch is relatively simple; it doesn't contain too many files and shouldn't affect your template or existing skin files in any way.

This security patch helps prevent CSRF attacks (Cross-Site Request Forgery).

What is a CSRF attack?
CSRF is a fairly common type of attack used to exploit the trust a website has in a user’s browser, where the attacker imitates or forges a trusted source and sends data to the site. Typically, site forms are exploited by session riding or even by sending form value data from a third-party site or location.

We have implemented CSRF tokens to help prevent CSRF attacks, which is the most popular and recommended method. It generates random CSRF tokens, which are dynamically added to all forms and associated with the user’s current session. If a token is invalid or has expired, the request will be rejected and the form won't be submitted.

Creation and testing of the CSRF security patch was a collaborative effort by maverick and KHDev.


2.20 and some other older versions can still be downloaded from the archives at:
https://drive.google.com/folderview?id=0B5GPLc5dytbhNWp5ZzNKb2NQTnM&usp=sharing#list

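The token scheme described in the post above, sketched in PHP as an added example; it is not Etano's code and not the contents of the patch. The function names, the `csrf_token` field name, the 1800-second lifetime and the `$session` array standing in for `$_SESSION` are all assumptions.

```php
<?php
// Added example, not Etano code. $session stands in for $_SESSION so the
// script runs from the command line; all names here are assumptions.
const CSRF_TTL = 1800; // token lifetime in seconds (assumed value)

// Create a random token and remember it, with its issue time, in the session.
function csrf_issue(array &$session, int $now): string
{
    $session['csrf_token'] = bin2hex(random_bytes(32));
    $session['csrf_issued'] = $now;
    return $session['csrf_token'];
}

// Hidden field to place inside every <form> that changes state.
function csrf_field(string $token): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '">';
}

// Accept the request only if the submitted token matches the token stored
// in this session and that token has not expired.
function csrf_check(array $session, array $post, int $now): bool
{
    $expected = $session['csrf_token'] ?? '';
    $issued = $session['csrf_issued'] ?? 0;
    $given = $post['csrf_token'] ?? '';
    if ($expected === '' || !is_string($given)) {
        return false; // no token issued, or malformed field (e.g. an array)
    }
    if ($now - $issued > CSRF_TTL) {
        return false; // token too old
    }
    return hash_equals($expected, $given); // constant-time comparison
}

// Constructed requests covering each case the post mentions.
$t0 = 1458416788; // constructed timestamp
$session = [];
$other = [];      // a second visitor's session
$token = csrf_issue($session, $t0);
$foreign = csrf_issue($other, $t0);
echo csrf_field($token), "\n";
var_dump(csrf_check($session, ['csrf_token' => $token], $t0 + 60));   // genuine form post
var_dump(csrf_check($session, [], $t0 + 60));                         // cross-site post without a token
var_dump(csrf_check($session, ['csrf_token' => $foreign], $t0 + 60)); // token from another session
var_dump(csrf_check($session, ['csrf_token' => $token], $t0 + 3600)); // token past its lifetime
```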