Skip to content

9.1.8

Latest
Latest

Choose a tag to compare

View all tags
@rhukster rhukster released this 26 Jun 05:18
9.1.8
d5af54e
This commit was signed with the committer’s verified signature.
rhukster Andy Miller
GPG key ID: 9F2CF38AEBDB0AE0
Verified
Learn about vigilant mode.

Bugfix

  • Security: the form save action now rejects a folder setting that tries to escape the data directory, preventing form files from being written elsewhere on disk.
  • Security: the form save action now re-checks the filename after template processing, so submitted form values can no longer turn it into a disallowed file type or a path outside the data directory.
Assets 2
Loading