Since the release of Pligg v1.0.2 it has become clear that there are once again some serious security vulnerabilities within the system. This isn't the first time Pligg site owners and their registered users have succumbed to security exploits within the Pligg core. Rather than post our own article on this subject, we thought it would be nice to show our readers and Pligg what other bloggers are saying about these security vulnerabilities and about the Pligg developers' approach to fixing them.
As you may or may not already be aware, Pligg v1.0.2 suffers from some security vulnerabilities, and has done so since its original release, as discovered by Russ McRee of Secunia. Pligg acknowledged these original vulnerabilities a few weeks ago, 24th Nov to be exact, and put out a statement on Twitter revealing that it would take them around ten days to fix the vulnerabilities and release v1.03 to the community. This also coincided with Secunia not releasing exact details of the security holes until today, which is a great move for Pligg users and gives them a head start on any attacks.
So what are other bloggers saying on this latest Pligg security vulnerability topic?
Sean Michael Kerner from internetnews.com wrote a highly insightful article yesterday giving his opinion on the latest Pligg security scare.
As opposed to many other vendors/projects which typically release an update alongside security advisories, that’s not the case with the new Pligg 1.0.3 release. The full security advisory isn’t coming out until tomorrow (Dec 2) giving Pligg users (and there are a whole lot of them) a running head start on potential attacks.
Read the Entire Article: Open Source digg-clone Pligg plugs security holes
Pligg have now released v1.0.3 to patch some of these security holes, revealed by Secunia.
We realize every CMS system has vulnerabilities found at some point, so Pligg is no different here; it's just nice that Secunia gave Pligg a head start to fix them before going public. What's your opinion on this subject? Is ten days too long to have your site vulnerable to hacks after the developers have been alerted to them, in case a savvy hacker figures out what the holes are? Let us know.