9.5.9

@trasher trasher released this 14 Sep 12:55
· 50 commits to 9.5/bugfixes since this release

This is a security release; upgrading is recommended.

Download it

This release fixes several critical security issues that have been recently discovered. Updating is strongly recommended!

Below is the list of security issues fixed in this bugfix version:

  • [SECURITY] XSS through registration API (CVE-2022-35945)
  • [SECURITY] Leak of sensitive information through login page error (CVE-2022-31143)
  • [SECURITY] [critical] Command injection using a third-party library script (CVE-2022-35914)
  • [SECURITY] SQL injection through plugin controller (CVE-2022-35946)
  • [SECURITY] [critical] Authentication via SQL injection (CVE-2022-35947)
  • [SECURITY] Blind Server-Side Request Forgery (SSRF) in RSS feeds and planning (CVE-2022-36112)

Regards.