WebsiteBaker > Security Announcements

Security Hint

(1/1)

DarkViper:
Last days we got a message that one of a 3thParty package, used in WebsiteBaker, contains a minor security issue. It is not a High-Risk-Level but anyway.

The endangered package  you can find in wb/includes/idna_convert/.
There is a CSRF issue in the file examples.php. This file itself is never needed by WebsiteBaker and can/should be deleted from webspaces as soon as possible.

There is no fix/patch planned against.
To solve these problem, from next official release of WB the file is encapsulated in a ZIP archive, so there is no more possibility to call it from outside.

Navigation

[0] Message Index