2014-12-03, 05:47:18
http://get-simple.info/download
FIX: #974 files does not show permissions on windows
FIX: #973 image.php dir traversal SECURITY
FIX: #972 log.php xss SECURITY
FIX: #971 prevent backend in frames x-frame policy SECURITY
FIX: #970 better cookie security SECURITY
FIX: #969 backup-edit traversal SECURITY
FIX: #966 Security vulns SECURITY
FIX: #965 corrupt page fatal error
FIX: #948 Fatal Error => zip-Backup
FIX: #945 placeholder confusion
FIX: #944 XML External Entity (XXE) Vulnerability in admin/api.php SECURITY
FIX: #979 some debug info when uploading image
FIX: #996 Reverse Proxy : url detection
Mostly low-risk security fixes for targeted and drive-by attacks,
and handling for some reported fatal errors.
Things that this release will break:
Loading back-end pages in a frame is not allowed by default, enforced via the x-frame header; this can be disabled.
Cookies will probably break and you will need to log in again; cookies are now flagged with httponly.
Attempting to use image.php with ../ to process files outside of data/uploads no longer works.