- Oct 24, 2004
Not completely true. yes it gains some security fixes from libraries and frameworks its built upon, but it's largely still dependent on the developers to leverage them. For example, one addon developer we've talked about here on TAZ reinvents the wheels - and consequently - opens ups holes rather than call upon the proper frameworks or connect with the right hooks to gain application security built into XF.XF passively gains the security fixes of the libraries and frameworks it's built on top of.
A proper search would scan the update history of those 3rdparty components rather possibly misleading about the script's security record compared to its indivodual components'.
I believe Kier mentioned at one point that XF's security is largely dependent on positive input validation/positive security model.