Thursday, July 7, 2022

94.0.25

  • [security] Fixed case SEC-629: Fixed arbitrary directory creation exploit in bxd.cgi.
  • [security] Fixed case SEC-630: Update cpanel-php73-horde to 5.2.21-1.cp1194.
  • [security] Fixed case SEC-631: Fix MySQL admin takeover via cpmysql adminbin.
  • [security] Fixed case SEC-632: MySQL admin takeover via postponed dbuser creation.
  • [security] Fixed case SEC-633: Fix demo mode bypass in Htaccess::setindex.
  • [security] Fixed case SEC-634: Block cronjob removal when using API1 calls for accounts with demo mode enabled.
  • [security] Fixed case SEC-641: Account modification API calls ensure remote node API tokens are not included in the returned user data.
  • [security] Fixed case SEC-643: Perform an immediate check of account ownership for all accounts submitted to massmodifyacct.
  • [security] Fixed case STS-762: A notification now goes out if a demo account is distributing mail to a child node after an upgrade. It is recommended that these accounts be removed, as this is no longer a valid configuration.
  • [security] Fixed case STS-763: Block remote nodes on restoration of an account that is in demo mode.
