#1378 new

Security: security vulnerabilities

Reported by dleffler | September 26th, 2016 @ 02:14 PM | in 2.4.0 (closed)

There have been a large number of security vulnerabilities reported in all past versions (v2.3.9 patch #1 and earlier). These include SQL injections, XSS, RCE, remote file execution, standard security permission compromise, etc... Due to the large number of reports, the fixes will likely require an early release of the next version (2.4.0) instead of a patch to v2.3.9. It will also make the previously supported v2.1.4 and v2.2.3 packages completely obsolete and not recommended for use.

Comments and changes to this ticket

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

Bug Tracker for Exponent CMS

Shared Ticket Bins

People watching this ticket