Important BlogCFC update - thanks to ProCheckup

misc (This post is more than 2 years old.)

Recently the security firm Procheckup performed a security scan on BlogCFC. This was for a customer of theirs but they gladly shared the issues they found. This was rather nice of them so I'd like to thank them. They not only sent me a very detailed list of the issues (XSS issues), but also worked to help me verify they were fixed. Grab the latest bits from RIAForge: http://blogcfc.riaforge.org

Hire Me!

I'm currently looking for my next role in developer evangelism and advocacy. I have a long history of helping companies work with developers and love to write, create demos, and present at conferences. You can find my resume to learn more and drop me an email (raymondcamden@gmail.com) to reach out.

Support this Content!

If you like this content, please consider supporting me. You can become a Patron, visit my Amazon wishlist, or buy me a coffee! Any support helps!

Want to get a copy of every new post? Use the form below to sign up for my newsletter.

Archived Comments

Comment 1 by Josh posted on 5/19/2010 at 9:11 PM

Have you ever looked at Portcullis?(http://portcullis.riaforge..... It's a SQL injection and XSS filter. I use it and it seems to work pretty well. Filters all form, url, and cookie variables.

Comment 2 by Raymond Camden posted on 5/19/2010 at 9:27 PM

No, I've not. I tend to prefer to do things more obvious - directly on the page. Of course, it leads to mistakes like those corrected by Procheckup.

Comment 3 by Mavelar posted on 6/12/2010 at 12:43 AM

Hey Raymond, what if I want to update those specific files. I have my blog cfc customized.

Comment 4 by Raymond Camden posted on 6/12/2010 at 12:48 AM

Check the readme.txt file. It always details exactly what files changed in what release.