New security update for .617 (.6172)
We have released another security update for the .617 codebase.
We have released another security update for the .617 codebase.
This fixes a specific threat that allows a melicious post (forum, comments, etc) to allow the poster to collect cookies of anyone visiting that page. This is in response to a secunia report. There is related fix for this in the .7 CVS, so if you are using that, make sure you get an update.
Please ensure you get this file as soon as possible and replace your class2.php file. The ver.php file is updated just to ensure the admin area reflects the new version.
You can download the update
hereIf you still have not updated to .6171, ensure you do that too.
Both of these releases are file overwrites only, no db changes needed.
**Also as a reminder, if you have the file
e107_handlers/htmlarea/popups /ImageManager/images.php
hanging out on your system, delete it!