Skip to main content.

Thursday, June 30, 2005

Security issue in XML-RPC library

You might have come across the security bulletin already, but there's quite a serious security issue in the PHP XML-RPC Library that is used by Nucleus and a bunch of other projects. Untill we have a new package available for download with the updated library, here is how to disable XML-RPC support on Nucleus:

  1. Delete the /nucleus/xmlrpc/ directory on your server. This will remove the XML-RPC server from Nucleus. As a result, nobody will be able to connect to Nucleus using external tools (wbloggar to name just one) anymore.
  2. In the /nucleus/libs/ directory, replace xmlrpc.inc.php and xmlrpcs.inc.php by empty files. These are the actual libraries. Though this step is optional, you should do this just to be sure.

After these steps have been completed, the XML-RPC library is fully removed and your Nucleus installation is safe again.

Update: Nucleus v3.21 has been released!

Posted by karma at 18:29:52. Filed under: General

Comments

No comments yet

Add Comment

This item is closed, it's not possible to add new comments to it or to vote on it

Previous Item - Archives - Next Item