Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
BETA v3.3.5 beta 3

FIX: #974 files does not show permissions on windows
FIX: #973 image.php dir traversal SECURITY
FIX: #972 log.php xss SECURITY
FIX: #971 prevent backend in frames x-frame policy SECURITY
FIX: #970 better cookie security SECURITY
FIX: #969 backup-edit traversal SECURITY
FIX: #966 Security vulns SECURITY
FIX: #965 corrupt page fatal error
FIX: #948 Fatal Error => zip-Backup
FIX: #945 placeholder confusion
FIX: #944 XML External Entity (XXE) Vulnerability in admin/api.php SECURITY
FIX: #979 some debug info when uploading image
FIX: #996 Reverse Proxy : url detection

Mostly low risk security fixes for targeted and drive by attacks
and some reported fatal error handling.

Things that this release will break

Loading back end pages in a frame is by default not allowed via x-frame header, can be disabled.
Cookies will probably break and you will need to login, cookies now flagged with httponly
attempting to use image.php with ../ to process files outside of data/uploads, no longer works.
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
I'm testing it right now. So far so good.

BTW i've used on a different project and i like it. Do you think it could be a good page editor for gs?
No issues found so far (b1 and b2)
Can you add a option for title tag? I didn't like this '<'

Attached Files Thumbnail(s)
Best regards,
That's in your template. Edit it and change &lt; by a slash (or what you wish)
b3 adds a minor fix to myself() by returning only basename()
I did a search across all my test plugins and didn't see any probable issues
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix

Users browsing this thread: 1 Guest(s)