Thanks for acting early and the heads up! I saw a message elsewhere, but didn't realize it applied to me! 

You can remove the array as well if you don't intend to link images from external allowed sites like those above, though I would highly recommend it if you don't use timthumb at all.

Arras already supports built-in thumbnails since 1.5, but the timthumb feature is still available for users who wish to continue using it.

I just flat-out deleted it.

Amazing theme, BTW and thanks for the update! 

thank u for sharing this warning.. it can really helps a lot..

My hosting provider had fortunaltely put offline my website yesterday. It was due to this vunerability. I've found it while running the plugin "Explot Scanner".
With the new version of timthumb.php, there is still a severe Warning. Is it really safe to use it ?

wp-content/themes/arras/library/timthumb.php:208
Used by malicious scripts to decode previously obscured data/programs    $imgData = base64_decode("R0lGODlhUAAMAIAAAP8AAP///yH5BAAHAP8ALAAAA

Last edited by libretto (2011-09-21 16:03:23)

@dgodfather : I've manually updated timthumb.php

This may not be a problem, here is the source cod from timthunb.php :

if(BLOCK_EXTERNAL_LEECHERS && array_key_exists('HTTP_REFERER', $_SERVER) && (! preg_match('/^https?:\/\/(?:www\.)?' . $this->myHost . '(?:$|\/)/i', $_SERVER['HTTP_REFERER']))){
            // base64 encoded red image that says 'no hotlinkers'
            // nothing to worry about!
            $imgData = base64_decode("R0lGODlhUAAMAIAAAP8AAP///yH5BAAHAP8ALAAAAABQAAwAAAJpjI+py+0Po5y0OgAMjjv01YUZ\nOGplhWXfNa6JCLnWkXplrcBmW+spbwvaVr/cDyg7IoFC2KbYVC2NQ5MQ4ZNao9Ynzjl9ScNYpneb\nDULB3RP6JuPuaGfuuV4fumf8PuvqFyhYtjdoeFgAADs=");

Last edited by libretto (2011-09-22 04:58:36)

thanks so much

Amen to that - I just deleted the file prior to install.

Thanks for the help zt marijuana seeds for sale weed seeds for sale

The latest version of the theme has it removed. See the opening post.