Both Alfresco Enterprise and Community Edition users need to pay attention to the security alert that went out last night. In a nutshell, two serious security issues (ALF-13721, ALF-13726) that could be exploited in order to gain unauthorized access to your repository and the content within it have been discovered and addressed.
ALF-13721 refers to an issue in which the SOLR API webscripts can be executed without authentication. If you are running Alfresco 4, this affects you, even if you have not installed or configured SOLR. The issue is addressed in 4.0.1 Enterprise. A hotfix is available for 4.0.
ALF-13726 is about exploiting the XSLT engine’s ability to run arbitrary Java classes, which could be used to grant someone access to the repository. This one affects all versions of Alfresco. This issue will be addressed in 3.4.9. A hotfix is available.
Community Edition users should be able to patch these issues themselves using information provided in the Jiras and forum post referenced above. The fixes will be incorporated into the next Community release.
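For administrators who want to check which stored stylesheets rely on the capability behind ALF-13726, here is an added audit sketch; it is not code from Alfresco or from the Jiras. It flags XSLT files whose namespace declarations bind a prefix to a Java class. The list of namespace forms is an assumption based on Xalan and Saxon conventions, and the sample stylesheets are constructed.

```python
import io
import xml.etree.ElementTree as ET

# Assumed indicator list (not from the Alfresco Jiras): namespace URI forms
# that common Java XSLT processors bind to Java classes.
JAVA_BINDING_PREFIXES = (
    "http://xml.apache.org/xalan/java",  # Xalan-J and the JDK's built-in XSLTC
    "http://xml.apache.org/xslt/java",   # older Xalan form
    "xalan://",                          # Xalan class-format shorthand
    "java:",                             # Saxon-style java:fully.qualified.Class
)

def find_java_bindings(stylesheet: bytes):
    """Return sorted (prefix, uri) declarations that bind a prefix to Java code.
    Returns None when the stylesheet is not well-formed, so it gets manual review."""
    hits = set()
    try:
        # "start-ns" reports every xmlns declaration at any depth in the document.
        for _event, (prefix, uri) in ET.iterparse(io.BytesIO(stylesheet), events=("start-ns",)):
            if uri.startswith(JAVA_BINDING_PREFIXES):
                hits.add((prefix, uri))
    except ET.ParseError:
        return None
    return sorted(hits)

def audit(stylesheets: dict):
    """Map each stylesheet name to its findings ([] means no Java bindings)."""
    return {name: find_java_bindings(data) for name, data in stylesheets.items()}

# Constructed sample stylesheets (not taken from any Alfresco installation).
SAMPLES = {
    "identity.xsl": b"""<xsl:stylesheet version="1.0"
        xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
      <xsl:template match="@*|node()">
        <xsl:copy><xsl:apply-templates select="@*|node()"/></xsl:copy>
      </xsl:template>
    </xsl:stylesheet>""",
    "report.xsl": b"""<xsl:stylesheet version="1.0"
        xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
        xmlns:date="http://xml.apache.org/xalan/java/java.util.Date">
      <xsl:template match="/"><xsl:value-of select="date:new()"/></xsl:template>
    </xsl:stylesheet>""",
    "broken.xsl": b"<xsl:stylesheet",
}

if __name__ == "__main__":
    for name, result in audit(SAMPLES).items():
        status = "UNPARSEABLE" if result is None else (result or "no Java bindings")
        print(f"{name}: {status}")
```

A scan like this only covers stylesheets that are already stored and does not replace applying the hotfix.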
If you want to give a talk at DevCon, here are your options:
- Read the call for papers, then submit a proposal for a traditional session no later than May 19
- Come to the conference and sign up for a Lightning Talk
- Come to the conference and participate in a Birds-of-a-Feather session
If you have an idea for a session but you don’t want to speak, reply to this thread in the forums with your idea and maybe it will inspire someone else to give the talk.
Last week I announced that Alfresco DevCon 2012 will be in Berlin and San Jose. We’ll be at the Berlin Hilton November 5, 6, & 7 and at the San Jose Marriott & Convention Center November 13, 14, & 15. Eagle-eyed readers who saw the announcement last week will note that the Berlin date has changed. The DMS Expo conference in Stuttgart conflicted with our dates so we’re moving to give everyone the maximum opportunity to Experience DevCon Awesomeness.
In both cities, the first day of the conference is an optional training day. We’re still working out exactly which classes will be offered on the training day, but we are increasing capacity this year due to popular demand.
Like last year, the main conference days will feature keynotes from Alfresco leadership, some great sessions from Alfresco Engineers, partners, and other members of the community, and plenty of opportunities for networking.
I’m finalizing tracks right now. As soon as I’m done, I’ll post the call for papers. I expect you to unleash a flood of outstanding conference submissions.
If you need some inspiration, take a look at the DevCon 2011 presentations on slideshare.
I typically post DevCon related news here but you might also want to follow the DevCon blog as well.
I think this is kind of cool. It’s a map that shows the Alfresco English-language forums users.
I love how global our community is! If your location isn’t represented, it is because either I couldn’t look up your location by IP address or you don’t have your location set in your forum profile. Telling us a bit about who you are is useful beyond map-making–it can help with event planning, for example. And maybe you’ll find someone nearby with similar interests. So why not update your location while you’re thinking about it?
Looking at the map, I guess my biggest question is: What gives, Iceland? You keeping all of that good Alfresco knowledge to yourself or what?
While I’m on the subject, I should probably mention that the top users in terms of number of posts for March were (in alphabetic order):
And, if you are looking to help make a dent in unanswered posts, the top forums in descending order of unanswered posts are:
- Alfresco Share
- Alfresco Share Development
- Alfresco Discussion
- Authentication, LDAP, & SSO
- Repository Services
- Development Environment
- Web Content Management
Unanswered posts were below average in February and March, which is great, but there is still room for improvement.