We will be exhibiting at CeBit this year! The CeBit trade show takes place every year in Hanover, Germany. It is the world’s largest IT trade fair and thanks to HIS (one of the major sponsors for Achievo 2) we have opportunity to show the IT world the latest preview of Achievo!

This is the first time that Achievo will be present, and we are extremely excited to be attending. If you plan on coming, we’d love to meet you. You can find us on 6 March, in Hall 9, booth C72 (map).

We’ve established a LinkedIn group called Achievo. LinkedIn is a networking site for professionals and the purpose of this group is to extend the Achievo community and provide a place for further discussion and knowledge sharing amongst Achievo enthusiasts. Also we signed up for a Twitter account. Go check it out, follow, and get the latest updates and developments about Achievo.

Join the Achievo group on LinkedIn, and follow Achievo on Twitter:

• Achievo on LinkedIn: http://www.linkedin.com/groups?gid=59134
• Twitter: http://twitter.com/achievo

Today the fourth update to Achievo 1.3 has been made available. Although the changelog is not particularly long, the release should be worthwhile to upgrade to. The scheduler has received some fixes for recurring items and an hidden feature has been turned on. The cronjob for checking the booked hours also received some fixes. And some other small fixes have been done which can be found in the release notes.
We also received some translations for French, Spain, Portuguese -Brazil, Czech which are also included now.

You can download and read the list of changes here.

Sandy

An exploit has been posted for the "mcpuk" file manager that we're shipping with FCKeditor in the Achievo versions 1.2.0 till 1.3.2. The exploit allows an attacker to upload and execute arbitrary code.

While FCKeditor is not used in Achievo, this exploit works even when FCKeditor is disabled, as it calls the vulnerable file directly.

For people who can't upgrade to Achievo 1.3.3 because of modules that don't work with the latest version we advice to remove the file manager manually.


To remove the file manager, go to the 'atk/attributes/fck/editor' directory and remove the entire 'filemanager' subdirectory. Then, you should disable the file manager in the FCKeditor configuration file, 'fckconfig.js' (in atk/attributes/fck). It contains the following three options, all of which should be set to "false" to disable the file manager:

FCKConfig.LinkBrowser = false;
(...)
FCKConfig.ImageBrowser = false;
(...)
FCKConfig.FlashBrowser = false;

Next, you should check if anyone managed to upload malicious code to your site.
After these changes, FCKeditor should continue to work, but you won't be able to upload files with it.

If you have any questions just send me an email.

Sandy

Today we released a bugfix release for Achievo 1.3, this will bring the current version up to 1.3.2. This release fixes 8 bugs that have been reported by the community and sponsors. I'd like to thank the forum users for their help with finding the bugs and even for providing me fixes for the bugs they found.

You can download and read the list of changes here.

Sandy