Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
BrowserCMS is a general purpose, open source Web Content Management System (CMS), written in Ruby on Rails. It is designed to support three distinct groups of people:
BrowserCMS is intended to offer features comparable to commercial CMS products, which can support larger teams of editors. This means having a robust set of features as part of its core, as well as the capability to customize it via modules.
Here's a quick overview of some of the more notable features:
BrowserCMS can create websites that can work in any browser, depending on how developers implement their design as HTML templates. However, the administrator interface is limited to a select # of browsers, with Firefox being the most stable. Supported browsers include:
The next releases will be aimed at tightning up the admin for both Safari and IE7+. We will not be supporting the admin UI for IE6, or other browsers not explicitly listed above.
Before you can use BrowserCMS, you will need to install the gem. See the Getting Started guide at http://browsercms.org/doc/guides/html/getting_started.html, or packaged with this source code (under doc/guides/html/getting_started.html)
To enable S3 file storage set Cms.file_storage_on_s3 in config/initializers/browsercms.rb to true. Ensure that you enter your bucket name in the relavant variable, as well as also provide a s3.yml file that contains your credentials. The credentials file must match that of Paperclip: http://dev.thoughtbot.com/paperclip/classes/Paperclip/Storage/S3.html
Note that changing from local storage to S3 storage will require you to re-upload all your files (or copy the tree to s3) This feature requires the RightAWS gem from RightScale (sudo gem install right_aws)
BrowserCMS is released under a LGPL license, and is copyright 1998-2009 BrowserMedia. The complete copyright can be found in COPYRIGHT.txt, and copy of the license can be found in LICENSE.txt.
The user documentation and guides for this version of the application can be found at:
If you want to experiment with the source code, the BrowserCMS project can bootstrap itself as a web application. This allows developers who want to contribute to the project to easily alter and test changes. To run the application itself, do the following:
cd /path/to/browsercms_source_code
rake reset
script/server
This will drop the 'browsercms_development' database, loads the same sample data from the demo.rb template. By default, the core project is setup to use mysql as the database, but you can change that via the database.yml files.
The homepage for the BrowserCMS project is http://browsercms.org. From there you can find links to the discussion groups and our twitter account. If you have questions about the project or want to get involved, the Google group is the best way to do so. If you would like to report a bug, please do so at https://browsermedia.lighthouseapp.com/projects/28481-browsercms-30
FAQs
Unknown package
We found that browsercms_s3 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.