News

New Seditio licensing system & v125

Tue, 01 Apr 2008 12:39:00 -0400

From now (This is not an April Fool's joke), the Seditio Commercial Licence and Copyright Removal are merged into a single kind of licence, the Seditio Licence. The base pricing of this licence is lowered from 30 to 25 Euros, and the Reseller Licence Owners will get a 20% discount, so that's 20 � per extra licence.

The goal is to make the Licensing system easier to understand and more fair for our loyal contributors and resellers. And the price is lowered to take into account the recent EURO/USD balance.

All existing licences in our database will be converted to the new single type.
The Services area will soon be updated with all these changes.

And more news from the "coding frontline", the next Seditio build is on it's way, it will be numbered 125, stay tuned for more details !

Search plugin, security patch

Fri, 30 Nov 2007 09:21:47 -0500

It's recommended to all Seditio v121 users to re-download the v121 package, and replace the file plugins/search/search.php as soon as possible, it will fix a potntial SQL injection.

Download Seditio v121 here !

Seditio v121, security patch

Fri, 12 Oct 2007 08:17:00 -0400

It's recommended to all Seditio v121 users to re-download the v121 package, and replace the file system/functions.php as soon as possible, it will fix a security issue about ASCII chars and HTML code execution in user submitted forms.

Thanks to Yasebo, Kilandor, Orkan and Spartan for their contributions on the reports and the fix(es).

Download Seditio v121 here !

Seditio v121 released

Sun, 18 Mar 2007 22:34:00 -0400

There's a new build for Seditio available :

Download Seditio v121 here !

The list of the changes is in the project tracker.
This release is ONLY made of bug fixes in the system files, it's a recommended upgrade.

Please note that despite the core code being numbered "121", it will run all plugins and skins made for any previous version (100, 101, 102, 110 or 120). You don't have to upgrade your current v1xx skins or plugins, only changes are in the system files.

Thanks to all the reporters and contributors !

Seditio v120

Thu, 15 Mar 2007 21:01:00 -0400

There's a new build for Seditio available :

Download Seditio v120 here !

The list of the changes is in the project tracker, and few more details in the history log.
This release is moslty made of bug fixes, none were critical.
Still, it's a recommended upgrade.

Please note that despite the core code being numbered "120", it will run all plugins and skins made for any previous version (100, 101, 102 or 110). Said another way, you don't have to upgrade your current v10x skins or plugins, only changes are in the system files and in the SQL structure.

Edit :

If you downloaded the new package before this notice, re-download and replace the files :

- system/common.php
- system/functions.php

Seditio v110, security patch #2

Fri, 24 Nov 2006 19:55:00 -0500

It's recommended to all Seditio v110 users to upload and replace the 5 files from this package, it's fixing several security issues, including the fix for the "Avatar Select" hack.
Those fixes are now also included in the full Seditio installation.

Thanks to Nukedx for the report.

UPDATE : And thanks to Poncha there's a port for LDU v802 here.

Seditio and LDU all versions security issue (UPDATED!)

Tue, 21 Nov 2006 19:30:00 -0500

A security breach was reported, about a potential SQL injection in all Seditio and LDU versions. A flaw in the code for the default avatar selection, coupled with a weirdness from a PHP function, allows an attacker to arbitrarily run a SQL query and change the password of the administrator and thus gain control of the whole site.

Please read the instructions here, all users !

Seditio v110 final build released

Thu, 28 Sep 2006 08:22:00 -0400

There's a new build for Seditio available, the list of the changes is in the bugtracker.

Download Seditio v110 here !

If you're already running the v110 RC, you simply have to update the files listed here at the bottom of the page, don't run the SQL upgrade tool once again.

Seditio v102, new build is available.

Wed, 03 May 2006 14:11:00 -0400

There's a new build for Seditio available, with few dozens of tweaks and fixes, the list of the changes is in the bugtracker. It's a minor maintenance release, so the upgrade from the previous version shouldn't take you more than few minutes.

Download Seditio v102 here !

Security patch for Land Down Under 802

Sat, 01 Apr 2006 20:20:00 -0500

A vulnerability was reported in Land Down Under v802.
A member could submit a malicious event and under some conditions steal the cookie of an administrator and later breach the security of the system. This upgrade is highly recommended. The full v802 package is updated with this fix.

Download it it here.

Seditio v101, maintenance release.

Thu, 16 Mar 2006 07:58:00 -0500

There's a new build for Seditio available, fixing some annoying bugs, aswell couple of cosmetic tweaks, the list of the changes is in the bugtracker. The upgrade from Seditio 100 is pretty simple, it's only a matter of replacing files, all is detailled in the package.

Seditio v100 !

Fri, 10 Mar 2006 10:27:00 -0500

Here it is, the second website engine from Neocrome.

To sum it up, it's a PHP/SQL website engine that takes the best of the 3 years of development for Land Down Under, with major improvements in security and handling of the datas. Another noticable point is that the management of the users in Seditio is based on groups, instead of the LDU "levels". This greatly improves the usability of the CMS, with no loss of performance.

There's a tool available to upgrade from Land Down Under v802, be warned that it's not an easy move, so if you're happy with your actual LDU setup, keep it :]

If you were already running one of the beta builds on your site... wait wait, didn't I tell you to not do this ? well anyway you simply have to replace all the files from the folder /system, and all the default plugins just to be sure.

Download Seditio here !

Seditio in one week, and last beta today !

Fri, 03 Mar 2006 08:34:00 -0500

There's a new build for Seditio available in the download section, and the list of changes is here. The documentation is also slowly starting to roll, here. If all tests are ok, the final version should be out the end of the next week, around the 10th, wild guess.

Seditio v100 beta released.

Sun, 19 Feb 2006 20:45:00 -0500

Here it is, the first real public build of Seditio v100.

Remember that it's beta quality code, it's not recommended for live sites, even if it mostly works. There are bugs and issues left, and some details may change in the final release. This package is featuring a special skin made by riptide that comes with an extra language file to handle the words there were previously hardcoded in the skin files.

There's also an upgrade tool bundled, it's working fine, but there's some undocumented limitations so you should not use it on a live site.

All comments, bug reports and feedback must go in the Seditio section in the forums, thanks.

I'll pack up and upload all the available compatible plugins in the next few days.

Grab the Seditio beta here.

First public beta of Seditio this week-end

Fri, 17 Feb 2006 17:00:00 -0500

In order to speed up the testing phase of the upcoming Seditio v100, I'll release a public beta package this week-end, plus 2 or 3 skins, and all the plugins done so far.

Be warned that it's beta quality code, it's not recommended for live sites, even if it mostly works fine. There are bugs and issues left, and some details may change in the final release. The upgrade tool (to move from Land Down Under to Sedito) will come as a separate pack.

For this event the bugtracker will be "unpaused", so all can help and contribute the development. As usual, all comments and suggestions are welcome in the forums.

(About the site, you may notice that the comments are back, and all ratings were reset)

Land Down Under v802

Mon, 12 Dec 2005 06:30:00 -0500

The changelog is here.

It's a minor release, some bugs fixes and few enhancements, thanks to all the people that helped with the bugtracker and their reports.

This small upgrade is only a bout the core code, there's no required changes for the skins or the languages packs.

LDU v801 released !

Thu, 25 Aug 2005 08:44:00 -0400

The changelog is here.

This release mostly consist of bugs fixes and enhancements, thanks to all the people that helped with the bugtracker and their reports.

There's also few tweaks about the security and the handling of the error messages, so this build is a "recommended upgrade", with no emergency.

Regarding LDU at SecurityFocus.com

Sun, 21 Aug 2005 09:25:00 -0400

Since yesterday there's 2 new items about LDU at http://www.securityfocus.com, about "security exploits" that may affect LDU build 800. None of the tricks written there are working, the variables are properly sanitized and no LDU version is affected. This morning I notified the moderators of the site.

The 2 articles are here :

http://securityfocus.com/bid/14618/exploit
http://securityfocus.com/bid/14619/exploit

I'll post here if there's updates on this topic.

UPDATE :

And Internet being a wonderful place where everybody keeps blindly copying the others, the erroneous informations are now mirrored here, here, here, here, etc.

Security advisory : Shoutbox plugin

Thu, 28 Jul 2005 20:23:00 -0400

I've been informed that the plugin "Shoutbox" permits the contributors to directly post HTML code in the home pages. Of course this is a major security issue, and we strongly recommend the webmasters that installed this extension to disabled it as soon as possible, or to apply [url=forums.php?m=posts&p=81340#81340]the fix detailed here by bigdave[/url].

Please notice that it's a third party plugin, LDU itself is not compromised.

On more general scope, you should never install plugins where your visitors are allowed to publish HTML with no validation, and you should never allow the un-registered users (level 0) to submit a single byte of data.

Security advisory : HTML in the signatures

Thu, 28 Jul 2005 20:22:00 -0400

We received reports that under some circumstances an attacker could manage to steal your (web) cookies, by putting some evil Javascript code into his/her user signature, if images and HTML code are enabled there at your website. This is already fixed in the next LDU v801, until this release it's recommended to go in :

Administration panel > Configuration > Users

... and set the option :

Allow images and HTML in user signature : No