Team Mambo has released version 4.6.1 release.

Mambo 4.6.1 fixes SQL injection and XSS issues, plus a number of minor issues found with 4.6 since its release on Sept 18.

Note that this patch does not address all the concerns raised with SEO and the Language Manager functionality in 4.6. Those issues are being discussed and will be the subject of a 4.6.2 release in the near future.

download MamboV4.6.1 and MamboV4.6.1 Lite now. 

Team Mambo has just released Security Patch 2 for Mambo version 4.5.4. This patch fixes a number of security vulnerabilities and provides some additional hardening of the application. It is recommended that everyone apply this patch as soon as possible. These vulnerabilities affect all recent versions of Mambo so those still running versions of Mambo older than 4.5.4, (ex) 4.5.3h, are recommended to patch up to Mambo 4.5.4 first and then apply security patches 1 & 2. We have also built a version of 4.5.4 with both security patches already applied, MamboV4.5.4_wSP2, which should be used for brand new installs. The new files can be found on Mamboxchange. The team will now refocus its attention on Mambo 4.6 and we will apply the same security changes as needed to 4.6 prior to the official release.

The Mambo Foundation would also like to thank the MamboGuru team for their security suggestions. They contributed a number of good suggestions which we utilized in the latest patch. It’s nice to see the community coming together to help make Mambo an even better product. Mambo On!