Protecting Mambo Open Source


With recent security exploits we have put together a simple HOWTO using Apache's htaccess feature. This solution will work for all versions of Mambo Open Source.

Release Candidate 3 now available


Due to security exploit in Mambo, Release Candidate 3 has been released to address this issue.

With any version of Mambo Open Source prior to 4.0.12 RC3 it is possibe for someone to gain access to your site without the need for a username or password.

It is recommended that all users upgrade to this release. A patch is also available from SourceForge for users running 4.0.12 RC2.

We will be releasing information on how to address this issue in earlier releases as soon as possible.

Security Patch for 4.0.12 RC3


A further security exploit has been discovered and a patch has been made available at SourceForge. The patch should be applied immediately and will work for 4.0.12 RC2. Download it here