Users of Lanius CMS v0.5.1 r694/r698/r710/r717/r725/r731/r742/r776/r843/r966 should upgrade to v0.5.1 r983 using this patch. The patch can be installed via the Install Patch feature; alternatively, simply copy the extracted files over the destination Lanius CMS installation. (Note: this patch is not necessary for the currently released v0.5.1.)
This patch addresses a minor security vulnerability in the CAPTCHA handling of all addons. Lanius CMS v0.5.0 and Lanius CMS v0.5.1 (<= 0.5.1 r843) are affected by this bug.
The bug allows an attacker to guess the CAPTCHA key without seeing the image, which could lead to very high spam rates. Lanius CMS v0.5.1 r983 corrects the bug.
Many thanks to consc198 (C & C Advanced Online Services) for discovering this bug.
All users of previous versions of Lanius CMS are invited to upgrade in order to fix this security issue. The v0.5.1 installation package does not need to be patched.
Last update: Wednesday, 25 February 2009