Announcements
XSS via mime sniffing on .dat files
There is a vulnerability in Composr's storage of uploads as .dat files on servers. A hacker could plant code with JavaScript, then trick an administrator to running it on their machine.
This is a low-to-medium risk vulnerability. With planning, creativity, and coordination, this could result in a hacker attaining various malicious outcomes. JavaScript code does not have access to files on a user's own computer, but it can be used to automate privileged web page actions on the website it is running on.
New releases
Composr 10.0.28 released
10.0.28 released. Read the full article for more information, and upgrade information.
Overhaul of project messaging
A number of development practices have been overhauled around how development work is messaged. This is to improve communication to Composr users and also within the development team.
New releases
Composr 10.1 beta20 released
10.1 beta20 released. Read the full article for more information, and upgrade information.
New releases
Composr 10.0.27 released
10.0.27 released. Read the full article for more information, and upgrade information.
New releases
Composr 10.1 beta19 released
10.1 beta19 released. Read the full article for more information, and upgrade information.
Announcements
Security vulnerability in Composr
A security hole has been found in Composr. This is a serious vulnerability that affects all versions of Composr 10+. It is critical that you deploy a resolution to this vulnerability as soon as possible.
New releases
Composr 10.0.26 released
10.0.26 released. Read the full article for more information, and upgrade information.
New releases
Composr 10.0.25 released
10.0.25 released. Read the full article for more information, and upgrade information.
Announcements
Introducing the Conposr and Conposr++ frameworks
Introducing two new frameworks inspired by Composr, but targeted towards the development of standalone web apps.
New releases
Composr 10.1 beta18 released
10.1 beta18 released. Read the full article for more information, and upgrade information.
New releases
Composr 10.0.24 released
10.0.24 released. Read the full article for more information, and upgrade information.
Announcements
compo.sr infrastructure problems (now solved)
An explanation for some recent instability on compo.sr.
New releases
Composr 10.1 beta17 released
10.1 beta17 released. Read the full article for more information, and upgrade information.
New releases
Composr 10.0.23 released
10.0.23 released. Read the full article for more information, and upgrade information.
Announcements
Topic read counts - a bug affecting users who upgraded from ocPortal
We just discovered a bug affecting users who upgraded from ocPortal.
New releases
Composr 10.1 beta16 released
10.1 beta16 released. Read the full article for more information, and upgrade information.
New releases
Composr 10.0.22 released
10.0.22 released. Read the full article for more information, and upgrade information.
New releases
Composr 10.1 beta15 released
10.1 beta15 released. Read the full article for more information, and upgrade information.
New releases
Composr 10.0.21 released
10.0.21 released. Read the full article for more information, and upgrade information.
