Mambo Open Source released a security patch for Mambo 4.5. From the announcement:
A small patch is now available to upgrade your Mambo sites to version 1.0.8. While it is small in size, it contains several fixes for some very serious security vulnerabilities that can be leveraged under certain circumstances.
All system administrators are advised to temporarily disable User Registration (there is an option in the Administrator's Global Configuration section to do this) until the patch can be applied.
The patch can be downloaded from http://mamboforge.net/frs/?group_id=5&release_id=907. Please note that the main distribution is still version 1.0.7, which requires the 1.0.8 patch to be applied. The vulnerabilities are present in all prior releases of version 4.5.
I am off to upgrade some sites.
UPDATE:
All old releases are now available on the Mambo code forge, in a project called MOS Archive. If you want them, you can download the files there.