Secunia Research contacted us a few days ago about two potential security issues.Secunia Research contacted us a few days ago about two potential security issues. We have been working to reproduce and fix the issues, while they have held off making them public.
While I won't go into too much detail, I will say that one involves being able to upload a malicious file. It requires an odd set of preferences and a missing file to allow it to happen though, so the threat is pretty low in our opinion.
The other was a js code injection. The user was able to inject some js code that would run if an admin edited the users post. This was only open if the site had the 'personal content manager' option enabled in the content plugin.
Both have now been fixed...thanks again to Secunia for pointing them out to us.
Of course, the release also includes all other bug fixes that have been committed since the last release.
Link to downloads here: http://e107.org/edownload.php
Changes found here in the changelog
e107 is open-source and of course, free. None of the developers of this software are paid, but donations do help to cover our monthly dedicated-server costs. If you like and use e107, please consider making a $5 monthly donation. Every little bit helps and is greatly appreciated. Thank you.