TangoCMS 2.2.0 Closes Security Holes
The TangoCMS project has released version 2.2.0 of its web page content management system. Central to the release is resolving some security issues.
During their current development cycle, the TangoCMS team found a number of security problems and decided to release "Eagle" with the express goal of resolving them. Planned enhancements such as a simple WYSIWYG content editor and improved page layout will have to wait until version 2.3.0 due out in mid-2009, according to their roadmap.
An entry in the TangoCMS bug tracker identifies the issue as being one of Cross-Site-Request Forgery (CSRF) in a number of instances. The vulnerabilities also affected previous versions, for which the project can't provide details for obvious security reasons.
A CSRF attack forces an authenticated web application user to execute unwanted actions of the attacker’s choosing, possibly compromising the user's data. The attack typically results from a link or a graphic URL that the attacker sneaks into the background. Especially vulnerable are attacks on privileged users such as web administrators. Attackers can actually use the privileges to wipe out content or even accounts. The Open Web Application Security Project (OWASP) has further details on CSRF attacks, also known as XSRF and “session riding,” among other names.
TangoCMS is available for download as a tarball. The site also describes how to check out the PHP source code from the project's Subversion repository.
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Budgie 10.10 Scheduled for Q1 2025 with a Surprising Desktop Update
If Budgie is your desktop environment of choice, 2025 is going to be a great year for you.
-
Firefox 134 Offers Improvements for Linux Version
Fans of Linux and Firefox rejoice, as there's a new version available that includes some handy updates.
-
Serpent OS Arrives with a New Alpha Release
After months of silence, Ikey Doherty has released a new alpha for his Serpent OS.
-
HashiCorp Cofounder Unveils Ghostty, a Linux Terminal App
Ghostty is a new Linux terminal app that's fast, feature-rich, and offers a platform-native GUI while remaining cross-platform.
-
Fedora Asahi Remix 41 Available for Apple Silicon
If you have an Apple Silicon Mac and you're hoping to install Fedora, you're in luck because the latest release supports the M1 and M2 chips.
-
Systemd Fixes Bug While Facing New Challenger in GNU Shepherd
The systemd developers have fixed a really nasty bug amid the release of the new GNU Shepherd init system.
-
AlmaLinux 10.0 Beta Released
The AlmaLinux OS Foundation has announced the availability of AlmaLinux 10.0 Beta ("Purple Lion") for all supported devices with significant changes.
-
Gnome 47.2 Now Available
Gnome 47.2 is now available for general use but don't expect much in the way of newness, as this is all about improvements and bug fixes.
-
Latest Cinnamon Desktop Releases with a Bold New Look
Just in time for the holidays, the developer of the Cinnamon desktop has shipped a new release to help spice up your eggnog with new features and a new look.
-
Armbian 24.11 Released with Expanded Hardware Support
If you've been waiting for Armbian to support OrangePi 5 Max and Radxa ROCK 5B+, the wait is over.