> Because of the announced vulnerability with the bundled
> XML-RPC library
> prior to Eventum 1.6.1, I am concerned to remedy this. We are running
> Eventum 1.5.4 and the diff list between the two versions are quite big
> so it would have been great if it's possible to replace the XML-RPC
> library to prevent the vulnerability issue.
> Is this possible?
Sure, just download the new XML-RPC release and replace the existing
classes for the new ones.
The bundled version that we ship on 1.6.1 uses the Curl extension to
handle SSL installations, but the stock version should work as well.