Before the new conference season starts its time to get the rant out of the way. For years i have been asked if i am attending certain conferences. its nice to be invited to go to a conference, or even select the ones i am interested in and can actually afford to go to but here are the main reasons i dont go to conferences.
chronoforms and other chronoengine extensions
developer's site was infected with malware, but is now reviewed as "safe" according to Google transparency report.
The VEL do not know of any recent reports of vulnerabilities in the extensions themselves....
Stored XSS and SQL Injection in SecurityCheck and SecurityCheck Pro Vulnerable Versions: 2.8.9 (possibly below)
resolution: update to version 2.8.10
Using a quick start package may be the quickest way to get a fully set up , add your content site. but are you aware of the dangers.
we tested several quick starts from major providers ranging from Template developers and extension developers who include a ready to go version of Joomla.
We found that there were varying degrees of insecurities. None of these packages are plug/play/forget.