de 2018 >> Über uns >> Informationen / Aktuell >> DynPG Update 4.2.1 Sicherheitsupdate

DynPG Update 4.2.1 Sicherheitsupdate

Version 4.2.1 von DynPG schließt hauptsächlich eine Reihe von leichten Sicherheitslücken im Backend.

Download DynPG Version 4.2.1

Wichtigste Neuerungen

  • Wichtiges Sicherheitsupdate.
  • Aktualisierte TCPDF API.

Changelog

  • bugfix: hide internal include file path on require error
  • bugfix: file inclusion vulnerability in SetParam_Plugin_Language because of missing get parameter sanatizing.
  • bugfix: fixed mysql injection vulnerability.
  • bugfix: escape_string with real_escape_string.
  • bugfix: realescape string password and systemname.
  • bugfix: fixed several vulnerabilities (noticed by High-Tech Bridge SA HTB22701 - HTB22703).
  • bugfix: add slashes to subarrays inside _POST, too.
  • added: new Template var Listing_Empty in write_allArticles().
  • added: slashed article fields for php functions within template to avoid parsing errors! $#PHP !empty('{$TITLESLASHED}') # if TITLE contains ' unslashed will fail!
  • bugfix: notLike match as corrected, since it has been used twice inside match4.
  • update: tcpdf class to 5.9.
  • bugfix: mediabrowser popup.
  • bugfix: reduced fading time for loading effects.