Please note that this patch has been integrated in Dokeos 1.8.5, released on the 12th of June 2008, and that there is also a Dokeos 1.8.4 SP3 patch available on the security page indicated below.
There’s a new security patch out there for you if you have a Dokeos 1.8.4 portal (if you have below that, I recommend you upgrade to 1.8.4).
As stated on my “Dokeos 1.8.5” page, the release has been delayed a bit more in a hope to provide a few additional and essential features to this version (notably, and extended system of templates for exercises, that will allow for rapid exercises building of many types).
So, because of that additional delay and because these vulnerabilities were found by a Russian team in our code, I felt it was essential to provide a clean patch. You can find all the info you need on our public wiki: http://www.dokeos.com/wiki/index.php/Security
As I was trying to provide this patch first to our registered users, I suddendly remembered we had a problem with the automatic-registration script, which ensures that everyone wanting to have his/her portal registered on this page could actually do that from the administration panel of Dokeos and get the administrator’s e-mail sent to us (and very short info on the portal url, number of courses and number of users) so we could send them the security updates.
As this script was broken, and as I realized it had been for quite some time (a few months), I spent most of my week-end free-time fixing and improving it. Although it doesn’t assign the country correctly just yet (which I’m going to fix as soon as I manage to install GeoIP on our server), it’s pretty much working now, and we already logged about 100 new portals since Monday morning, which makes us quite happy (the number had frozen at about 1600 campuses in May last year, and the newly registered campuses were registered in another database, so in the end we are now well over 2400 campuses all together).