A couple of weeks ago a security flaw was found in TimThumb – the script we use to resize images in our themes.
TimThumb is actually an invention of our own – something we originally developed for Mimbo Pro. As soon as the flaw was discovered I set to work fixing as many issues as I could. In the following week I committed at least half a dozen security improvements. The person who announced the issues went so far as to rewrite TimThumb introducing even more new security features.
To ensure that TimThumb is up to date on your website you should either:
The version of TimThumb used on Pro Theme Design themes is always up to date. For releasing theme updates I created a build script: it zips up the theme files, updates the translation files, creates the right-to-left CSS file for RTL languages, and then updates TimThumb from the latest Google Code source file.
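A build step of that kind is also the natural place to refuse to ship a TimThumb copy that cannot be verified. The following is an added example, not the Pro Theme Design build script: it takes the TimThumb source as bytes already fetched (instead of downloading from Google Code), checks it against a pinned SHA-256, reads the `VERSION` define, rejects anything older than a minimum version, and only then writes it into the theme and zips the theme. The pinned hash, the minimum version, the sample theme files and the sample `timthumb.php` are all constructed here; the `define('VERSION', ...)` pattern is an assumption about the file's layout.

```python
"""Release build step that bundles TimThumb only after verifying it.

Added example, not the theme author's script. The pinned hash, minimum
version and sample files below are constructed for the demonstration.
"""
import hashlib
import os
import re
import tempfile
import zipfile

# Constructed stand-in for an upstream timthumb.php (the real file is far longer).
SAMPLE_TIMTHUMB = b"<?php\ndefine ('VERSION', '2.0.0');\n// ... resizing code ...\n"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# In a real build this is a literal you update deliberately when you adopt a new upstream release.
PINNED_SHA256 = sha256_hex(SAMPLE_TIMTHUMB)
# Oldest release the build is willing to ship (assumed value).
MIN_VERSION = (2, 0, 0)

# Assumed layout of the version define inside timthumb.php.
VERSION_RE = re.compile(rb"define\s*\(\s*'VERSION'\s*,\s*'(\d+(?:\.\d+)*)'\s*\)")


def parse_version(src: bytes) -> tuple:
    m = VERSION_RE.search(src)
    if not m:
        raise ValueError("no VERSION define found in timthumb source")
    return tuple(int(p) for p in m.group(1).decode().split("."))


def verify_timthumb(src: bytes, pinned_sha256: str, min_version=MIN_VERSION) -> tuple:
    """Return the parsed version, or raise ValueError if the copy is not the pinned one or is too old."""
    digest = sha256_hex(src)
    if digest != pinned_sha256:
        raise ValueError(f"timthumb.php hash mismatch: got {digest}")
    version = parse_version(src)
    if version < min_version:
        raise ValueError(f"timthumb.php {version} is older than required {min_version}")
    return version


def rejects(src: bytes, pinned_sha256: str) -> bool:
    """True if verify_timthumb refuses this copy."""
    try:
        verify_timthumb(src, pinned_sha256)
    except ValueError:
        return True
    return False


def build_theme(theme_dir: str, timthumb_src: bytes, out_zip: str,
                pinned_sha256: str = PINNED_SHA256) -> list:
    """Write a verified TimThumb into the theme, zip the theme, return sorted archive member names."""
    verify_timthumb(timthumb_src, pinned_sha256)  # fails before anything is written
    with open(os.path.join(theme_dir, "timthumb.php"), "wb") as f:
        f.write(timthumb_src)
    names = []
    with zipfile.ZipFile(out_zip, "w", zipfile.ZIP_DEFLATED) as zf:
        for root, _dirs, files in os.walk(theme_dir):
            for name in sorted(files):
                path = os.path.join(root, name)
                arcname = os.path.relpath(path, theme_dir)
                zf.write(path, arcname)
                names.append(arcname)
    return sorted(names)


def demo() -> dict:
    """Build a constructed theme, then show that a modified TimThumb copy is refused."""
    with tempfile.TemporaryDirectory() as tmp:
        theme = os.path.join(tmp, "theme")
        os.makedirs(theme)
        with open(os.path.join(theme, "style.css"), "w") as f:
            f.write("/* constructed theme stylesheet */\n")
        out = os.path.join(tmp, "theme.zip")
        members = build_theme(theme, SAMPLE_TIMTHUMB, out)
        # Any byte-level change, however small, breaks the pinned hash.
        modified = SAMPLE_TIMTHUMB + b"// unexpected change\n"
        try:
            build_theme(theme, modified, out)
            refused = False
        except ValueError:
            refused = True
        return {"members": members, "modified_refused": refused}


if __name__ == "__main__":
    print(demo())
```

Pinning the hash means a new upstream TimThumb release is adopted by an explicit change to `PINNED_SHA256` rather than by whatever the download happens to return at build time; the version floor catches the separate mistake of pinning a file that is genuine but stale.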
Security has always been a concern with TimThumb, and now that there is an extra pair of eyes helping with the code, it will be an even higher priority and kept as strong as possible.