Security: security vulnerabilities
Reported by dleffler | September 26th, 2016 @ 02:14 PM | in 2.4.0 (closed)
There have been a large number of security vulnerabilities reported in all past versions (v2.3.9 patch #1 and earlier). These include SQL injections, XSS, RCE, remote file execution, standard security permission compromise, etc... Due to the large number of reports, the fixes will likely require an early release of the next version (2.4.0) instead of a patch to v2.3.9. It will also make the previously supported v2.1.4 and v2.2.3 packages completely obsolete and not recommended for use.
Comments and changes to this ticket
-
dleffler September 26th, 2016 @ 02:18 PM
- no changes were found...
-
dleffler October 29th, 2016 @ 12:52 AM
- State changed from “new” to “resolved”
Please Sign in or create a free account to add a new ticket.
With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.
Create new ticket
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป
Bug Tracker for Exponent CMS
dleffler
expNinja