My b2evolution Version: Not Entered
Hey guys, I was wondering where we as b2evo users stand on security and security vulnerabilities?
I have read about so many security flaws in Wordpress that it made me wonder where b2evolution stands on the security scale?
As far I understand, the new minimum version requirement for PHP and MySQL for WordPress 3.2 will only run on web servers using version 5.2.4 or greater of PHP and version 5.0.15 or greater of MySQL. This is to ensure that sites using Wordpress would have a lesser risk of attacks due to PHP and MySQL outdated security updates.
Could someone perhaps fill us in on known security vulnerabilities in b2evo and steps taken to protect b2evo users in newer versions.
I think the greatest point of concern is protecting our users/visitors and their info and also dubious hackers injecting all kinds of spam and spyware bugs.
here is recent post regarding a Wordpress flaw:
http://markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/
http://nakedsecurity.sophos.com/2011/08/03/many-wordpress-blogs-at-risk-from-image-based-zero-day-vulnerability/
Should we be concerned about having similar issues?
General Support
b2evolution CMS Support Forums
Even though WP code is total junk, at this time that was only an addon, not the core :)
Anyway, b2evo code is more secure and hacker-proof, only a limited number of devs can submit changes.
I too would like b2evo to drop support of PHP 4 and remove some [u]unnecessary code[/u], but that doesn't mean that there are flaws in the app.