A couple of weeks ago a security flaw was found in TimThumb – the script we use to resize images in our themes.
TimThumb is actually an invention of our own – something we originally developed for Mimbo Pro. As soon as the flaw was discovered I set to work fixing as many issues as I could. In the following week I committed at least half a dozen security improvements. The person who announced the issues went so far as to rewrite TimThumb, introducing even more new security features.
To ensure that TimThumb is up to date on your website you should either:
- Update your theme from the accounts control panel
- Update TimThumb from the Google Code site
The version of TimThumb used on Pro Theme Design themes is always up to date. For releasing theme updates I created a build script: a file that zips up the theme files, updates the translation files, creates the right-to-left CSS file for RTL languages, and then updates TimThumb from the latest Google Code source file.
Security has always been a concern with TimThumb and now that there is an extra pair of eyes helping with the code it will be an even higher priority and kept as strong as possible.
Please send me a copy of the latest TimThumb release so I can replace the old file.
Also send instructions.
Thank you,
Clifford Chentnik
Please update your theme to the latest version and you will then be fully up to date.
So if I buy the new Mimbo Pro, will I receive the theme with an already updated and secure TimThumb script?
You can reply directly to this email if you don’t want this to be visible.
Thanks
TimThumb was updated in all Pro Theme Design themes as soon as the exploit was found. Any theme you purchase will have the latest version and be as secure as can be.
timthumb.googlecode.com/svn/trunk/timthumb.php ..
Latest TimThumb release… Right?
yep – always the latest on Google Code