The XOOPS Development Team is pleased to announce the release of a security patch for XOOPS 2.5.7.1 Final.

This patch for XOOPS 2.5.7.1 corrects multiple issues.

We would like to specifically thank Tim Coen of ( Curesec GmbH ) , who notified us about these issues.

All XOOPS 2.5.7 users are advised to apply this patch as soon as possible.

It is also recommended that all XOOPS administrators practice defense in depth, including:
- have the Protector module installed active
- stay current with all patches
- be cautious with administative account use (only when needed, no autologin)
- caution in clicking links in messages and other untrusted sources

Download: You can download the patch from XOOPS File Repository on SourceForge

NOTE 1: Any users that are running an older XOOPS version are advised to update to XOOPS 2.5.7.2 now, which includes the patch.

You can find more information about the original XOOPS 2.5.7 release in this article

--------------------------------------------------------

NOTE 2: Work continues on our next major release of XOOPS! To see what's coming, please check out our GitHub code repositories :

- XOOPS 2.6.0 Core

- XOOPS 2.6.0 Modules

- XOOPS 2.6.0 Roadmap

and especially the great work Eduardo (bitcero) is doing on:

- XOOPS 2.6.0 Enhanced Admin GUI


Please also check out our other Github repositories:

- XOOPS Documentation

- XOOPS current Themes

- XOOPS 2.5.x Modules

- XOOPS 2.0.14+ Themes, 3 columns

- XOOPS 2.0.14+ Themes (2 columns)

- XOOPS Theme Archive (Themes for XOOPS < 2.0.14)

- XOOPS Modules Archive