Has there been any security issues or vulnerabilities?

[techshots]

I'm considering GS as one of my main offerings for customers but I need to know about security issues.

Are there or have there been any ongoing security issues or hack vulnerability issues with concrete5(sorry I meant GS not concrete5)?

I truly need an honest assessment from the developers and creators and users of concrete5 before moving forward.

Thanks,
HN

[internet54]

Currently GS has no known vulnerabilities. Even with 777 on some folders, if you wanted to, you could put those folders above the public_html directory and that would eliminate access from anyone to them.

There were a few vulnerabilities a few months ago, but the new version fixed them.

I've never used Concrete5 and probably never will... but it took me 10 minutes to find any info on whether it was a mysql or flat file system. Since it uses MySQL, security is a little tighter in that aspect, however, if you have your 777 folders above your public_html folder, then you could argue both ways.

[ccagle8]

2.0 is more secure than 1.71 and 2.01 will be even more secure than 2.0. I have taken security very seriously and worked extremely fast anytime any holes were found.

Thanks to Zengat (aka Martijn) and "Alexander" (who is not part of this forum) who helped fix a few holes, 2.01 will be by far the most secure version of GS. Because we haven't been around for a full year yet, there probably will be some small security holes that pop up every now and then - I think it's inevitable for any system, esp for a young one like ourselves.

That said, I trust it. I use it on many sites and I can sleep at night.

Thanks.

[Zegnåt]

There probably will be some small security holes that pop up every now and then.

Which happens for every single system out there, even WordPress gets new holes every once in a while. Just make sure you keep running with the latest version and you’ll be al right.