Multiple vulnerabilities in b2evolution version: 6.11.6-stable #102

Closed
sohambakore opened this issue Apr 27, 2020 · 5 comments
Labels
Work in progress The core team will fix this

Comments

@sohambakore

Hi @fplanque,

We have identified the following vulnerabilities in version 6.11.6-stable:

  • Open redirect
  • Multiple XSS

Please check your mail for more information.

@fplanque
Contributor

Thank you. We are fixing these vulnerabilities.

@fplanque fplanque added the Work in progress The core team will fix this label Apr 28, 2020
@sohambakore
Author

Thanks @fplanque for your quick response

@Metztli

Metztli commented May 7, 2020

Re: 'Multiple XSS'
Nasty sh*t. I have recovered from backups several times already as soon as a given site is hit and wounded.

@fplanque
Contributor

fplanque commented May 7, 2020

All users have had a warning with auto-upgrade possibility since last Friday.

@Metztli

Metztli commented May 7, 2020

I have just finished manually upgrading my last site to b2evolution 6.11.7. But

WARNING: You are running an outdated development version (6.11.7-stable-2020-05-01).

Yet another problem was that neither b2evo-6.11.7 nor, as a matter of fact, b2evo-7.1.5 is shown in the download link or in the GitHub releases section. But now I have downloaded both cloaked resource archives.

Thanks @fplanque.

@fplanque fplanque closed this as completed Jul 9, 2020