
News

Posted over 8 years ago by info@ocportal.com (Chris Graham)
An XSS security hole has been found in ocPortal and reported to us yesterday. Additionally there are 2 very similar flaws that additional testing has found.

This hole allows a hacker to potentially interfere with your website by guiding a logged in administrator to a malicious URL.

It is important to apply the attached security patch as soon as possible. This patch is compatible with ocPortal 9 sites. The attached zip contains 3 altered template files, to be uploaded to the themes/default/templates directory.

Attachment: ocp_security_patch.zip (1.63 Kb, 15 downloads so far)

ocPortal's normal session security will block the most dangerous kinds of attack.

If you have ModSecurity on your server you are also unlikely to be affected.

To prevent this class of XSS vulnerability recurring, our automated testing tools have been updated. This is how we found the 2 related vulnerabilities in this patch.

Additionally for our next version (v10) we have now implemented a self-updating software firewall so we can automatically roll out live mitigations for this kind of issue.

Credit for the vulnerability goes to Arjun Basnet from Cyber Security Works Pvt Ltd. We appreciate the time taken to find this issue and report it to us.
Posted over 8 years ago by info@ocportal.com (Chris Graham)
Hello,

If you're an Arvixe user, we now advise adding this to your .htaccess file in your domain's webroot:

Code:
Header set Set-Cookie "VC-NoCache=1; max-age=900; path=/"
Header set VC-NoCache "1"

If you don't have a public_html/.htaccess file then create a blank one just containing this code.

This change may be necessary due to a caching change made recently on Arvixe's infrastructure. Aggressive caching is stripping cookies from server-side cached web requests.
Posted over 8 years ago by info@ocportal.com (Rajesh Kumar)
ocProducts is seeking a senior PHP developer to work on ocPortal/Composr projects (Open Source-based development). This is a full-time position for remote workers (part-time workers will not be considered). We will consider candidates from almost any country if the job particulars are met. The daily conditions of employment are highly flexible. Due to the nature of our work, this is a highly skilled position.

The particulars of this position are as follows…

Very strong knowledge of PHP, including the differences between PHP 5.2 and PHP 7, and all the configuration differences that can affect code compatibility (such as presence of different PHP extensions and different security options).

Understanding of unit testing, and the discipline to actively write unit tests for your code. Experience with mature engineering practice is very important, so programmers who have never written a unit test prior to reading about this role are unlikely to be considered.

A disciplined coder, demonstrating that you can write properly commented code and cite and maintain various different coding standards, such as PSR-2.

Strong understanding of CSS, including different layout models (box types, floats, table model, fixed positioning, absolute positioning). You will not be required to implement full designs in CSS from scratch, but you need to be able to maintain and debug them.

Strong knowledge of JavaScript, including how the JavaScript prototype-based object model works, how variable scope works, how closures work, and how the DOM works.

Experience reading key technology specifications, such as HTML5, CSS modules, and WCAG. You do not have to have read specifications from start to finish, but you should at least have an awareness of them and the ability to consult them, rather than relying on third-hand knowledge.

Experience making accessible websites, preferably including actual experience testing on screen readers, and awareness of the use of ARIA to make JavaScript interfaces accessible.

Experience deploying websites to a range of shared web hosts, including configuration experience with htaccess files, php.ini files, and knowledge of complexities such as ModSecurity, reverse proxies, and CGI configurations.

Low-level understanding of common Internet protocols is desirable, such as the ability to directly interface with HTTP, MIME, SMTP, and IMAP.

A working understanding of key Internet technologies such as TCP/IP, HTTP, SQL, HTML, Unicode, and regular expressions, is required.

Strong awareness of the differences between different common file formats and encoding schemes. Should understand how video codecs and container formats work. Should understand the relative advantages between the different web-safe image formats.

Basic awareness of design principles is desirable. The ability to do original design work is not in any way required, but the candidate must be able to make very minor changes, or add new pages, without the direct assistance of a designer. Basic understanding of information architecture, use of white-space, and understanding of consistent use of a design language (palette, header styles, etc), is desirable. At minimum the candidate must have a feel for what comes across as "too technical" or "unattractive", so that basic customer appeal is upheld in the majority of his/her work.

Basic ability to do system administration in Linux is required, including configuring Apache, managing services, and solving common performance problems. This involves having an understanding of commands such as 'top', 'uptime', 'netstat', and so on.

Basic understanding of mobile technologies and APIs is desirable, but not required.

A strong understanding of security, including XSS and CSRF, is required.

A strong understanding of performance, including indexing, use of profilers, and general optimisation strategy, is desirable.

Experience with git is essential. The candidate must understand concepts such as clones, merging, branches, and have at least basic awareness of tracking and rebasing.

A candidate with experience writing technical specifications and diagramming in UML (or similar flow chart / entity modelling systems) will have an advantage.

Soft skills and habits:

The candidate must be a quick learner, a self-starter, and actively keep updated with changes in technology. New technologies will often need to be approached on a weekly basis.

Strong English skills are very important. The candidate must be able to communicate fluently in English, and use correct spelling and grammar in their work. If mistakes in spelling are realised late then the candidate must be of a mind-set where they will actively look back at their work and make sure they are corrected consistently. As spelling/grammar mistakes are immediately noticeable to most native speakers, a "good enough" attitude isn't good enough.

The candidate will be expected to be continually investing in themselves and their work, to keep improving work quality. The candidate must have a low tolerance for low standards and encourage others to improve low-quality work, especially when quality issues affect the productivity of other developers or affect reputation. Simultaneous to this, the candidate will be expected to maintain high levels of productivity - the candidate must have the skill and confidence so that doing things correctly is not a productivity impediment.

The candidate must be able to work both unsupervised and within a team. They should be able to take both a leadership role, and a subordinate role, as situations require. "Lone wolf" personalities or people requiring explicit micro-management are not appropriate for this senior position. The candidate must be able to work effectively within large code-bases (that often will have poor documentation) developed by other programmers.

The candidate must have a passion for technology rather than an "it's just my job" attitude. This passion will be reflected in a CV. We are open to different examples of a candidate's passion; for example, Open Source contributions, attending hackathons, or community work such as evangelism.

The candidate should be able to communicate directly with users and customers (usually via text, e.g. e-mail or support tickets). A high-quality candidate will likely consider this an advantage of the position, as it is a chance to build up industry recognition and a public profile.

The candidate should have some degree of political and legal awareness. For example, an understanding of common software licenses, of privacy concerns, of advantages between Open Source and proprietary development, and of different development methodologies, is all desirable.

To apply, e-mail [email protected] and CC in [email protected] and [email protected]
Posted almost 9 years ago by info@ocportal.com (ocProducts)
8.1.17 released. Read the full article for more information, and upgrade information.
Posted almost 9 years ago by info@ocportal.com (ocProducts)
9.0.20 released. Read the full article for more information, and upgrade information.
Posted about 9 years ago by info@ocportal.com (ocProducts)
8.1.16 released. Read the full article for more information, and upgrade information.
Posted about 9 years ago by info@ocportal.com (ocProducts)
9.0.19 released. Read the full article for more information, and upgrade information.