Zikula, an open source content application framework (CMF) built on Symfony, has recently been updated to versions 2.0.12 and 1.5.9 to resolve two security vulnerabilities.
If you’re currently running your websites and apps on Zikula, you’re encouraged to upgrade as soon as possible to fix these bugs. One of these fixes relates to the Symfony framework: the disclosure of the full path of uploaded files. The other relates to Zikula templates.
Security fixes from Symfony:
- Disclosure of uploaded files full path (CVE-2018-19789).
- Open Redirect Vulnerability when using Security\Http (CVE-2018-19790).
- Fixed broken support for custom block templates in themes.
For those who want to install Zikula, the two posts below should be a great place to start. They show you how to install Zikula with Apache2 or Nginx HTTP servers.
Install Zikula with Apache2 Support
If you want to learn how to install Zikula CMS with Apache2 support, then use the link below:
Install Zikula with Nginx Support
If you would rather have Zikula with Nginx HTTP support, then use the link below:
If you already have Zikula installed and you want to upgrade your existing installation, then you’ll have to follow their support help articles to get started.
You’ll also want to back up your current site’s content and database before attempting to upgrade your site. For sites that used Composer to install Zikula, update the version number in the composer file and run the command below.
sudo composer update
That should take care of updating Zikula.