There's a CSRF vulnerability in Mephisto, I'd suggest patching your install:

http://github.com/technoweenie/mephisto/commit/90e2cc253d94e2e544bc8b...

If you're on SVN still, here's a raw patch that you can apply:

http://github.com/technoweenie/mephisto/commit/90e2cc253d94e2e544bc8b...

It applied cleanly to the 0.8 branch.

I know the project is basically dead, but I got a patch out just hours
of hearing about the issue.

--
Rick Olson
http://lighthouseapp.com
http://weblog.techno-weenie.net
http://mephistoblog.com

Am 04.07.2008 um 09:09 schrieb Rick Olson:

looking at the network graph on the hub the project looks quite alive.
I just needs a day every week to merge all the changes into one
repository.

And, is anyone who works on the multisite stuff planning to do
a commercial host like they did with wordpress.com ?
Such a plattform might be a good way to promote mephisto.

ciao, tom

--
Thomas R. "TomK32" Koll || http://tomk32.de || http://ananasblau.com
just a geek trying to change the world
Skype: TomK32 || Mail: tom...@gmx.de

Feel free to take charge.  I don't like appointing 'core team'
members.  I figure if you want to do it, that you'll just do it :)

I planned on it for a little bit, but I don't see the point to be
honest.  There are enough of them out there, I don't see it being a
huge hit or anything.  But, it's open source, so go for it.  I know of
at least one person that may be interested in doing an official
mephisto branded system though.

--
Rick Olson
http://lighthouseapp.com
http://weblog.techno-weenie.net
http://mephistoblog.com