CMSimple 4.6.3 - Security Update

A place for security related announcements and discussions - please check this forum frequently!
Post Reply
cmb
Posts: 12221
Joined: Tue Jun 21, 2011 11:04 am
Location: Mü-Sa, RLP, DE
Contact:

CMSimple 4.6.3 - Security Update

Post by cmb » Mon Jun 06, 2016 4:20 pm

Today CMSimple 4.6.3 has been released with the following note:
[…], a smaller security gap has been eliminated, so an update is recommended.
Has anybody further information about this vulnerability; especially, is CMSimple_XH affected as well? Would be good to know to provide a security update as well, but I'm not able to find a vulnerability from looking at the diff.
Christoph M. Becker –Plugins for CMSimple_XH, but not for CMSimple 4+

cmb
Posts: 12221
Joined: Tue Jun 21, 2011 11:04 am
Location: Mü-Sa, RLP, DE
Contact:

Re: CMSimple 4.6.3 - Security Update

Post by cmb » Thu Jun 09, 2016 11:47 am

Thanks to Holger and Gert I'm now aware of the issue. At least for CMSimple_XH 1.6.7 that is not a vulnerability – so no need to worry. It still is a bug, so I'll follow up in the Bugs forum.
Christoph M. Becker –Plugins for CMSimple_XH, but not for CMSimple 4+

Post Reply