bot 0 Posted September 5, 2016 Report Share Posted September 5, 2016 This release contains a security update to address a possible issue where uploaded files may execute as scripts. For this to happen, a server must be configured to allow for very loose rules for what is an executable script. Most servers will not be vulnerable to this issue but we have no way of detecting which may be so we are releasing this security update as a precaution. It is recommended this release is installed as soon as possible. This new version improves the security of the .htaccess protection for the /uploads folder on your site. If you have already enabled the security feature "Protect Writeable Folders From Dangerous Files", then you will need to manually update the .htaccess file which you can do simply by opening "uploads/.htaccess" in a text editor and replacing its contents with: #<ipb-protection> <Files ~ "^.*\.(php|cgi|pl|php3|php4|php5|php6|phtml|shtml|([a-z0-9]{32}))$"> Order allow,deny Deny from all </Files> #</ipb-protection> View the full article Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.