- 註冊時間
- 2006-3-13
- 最後登錄
- 2023-9-3
- 在線時間
- 673 小時
- 閱讀權限
- 200
- 積分
- 417
- 帖子
- 1107
- 精華
- 0
- UID
- 2
 
|
收到 Yii 官方的通知
主旨:yiiframework.com security issue
Hello bestlong,
Earlier today it was discovered that the entry page on the Yii website had been defaced. The website was restored in less than an hour from discovery. The defacement was made possible by a vulnerability in the separate forum software used on the site. This vulnerability has now been fixed.
For your information, here are some details about the event:
1. The website's index.php was compromised through a vulnerability in the separate forum software (IPB, not Yii).
2. Neither the website's code nor Yii framework code was involved or part of the attack in any way. Hence, the security of the Yii framework remains as secure today as it was yesterday.
3. No framework downloads were affected, as the Yii framework source code is hosted externally.
Although we're storing passwords encrypted and are salting hashes, we recommended that you change your forum password. Please also note that if you are using the same password for other services and/or websites, you should change those as well.
Thank you for your patience and understanding,
Yii framework team
|
|
發表於 2013-7-27 01:07
