We just released a new version of jNews: 8.1.x. It is important that you update to this version, as it fix a potential cross-site scripting (XSS) security vulnerability that has been identified in one of the library we use: Open Flash Chart. This library is used to show graphical statistics in the jNews.
We recommend that all customers update to 8.1.x.
To fix the problem you can also simply replace the appropriate file to the latest version:
The file to replace is open-flash-chart.swf. It is located here: http://www.YourSite.com/components/com_jnews/includes/openflashchart/open-flash-chart.swf
You can download the latest file here:
To download the swf file, right click on the link and select Save Link As...
How to obtain the latest version?
- For Free version users — click here to get the latest version.
- For Commercial version users
- If you purchased jNews after February 2012, you can download the updated file from your order page. Please go to My Purchases from the members area to access the file.
- All users purchased before February 2012 are advised to submit a ticket with your order number and/or website URL to obtain the latest version.
In our effort to serve you better, you may also sign up for e-mail notification and/or follow our Facebook and Twitter pages to receive any future advisories.