This repository has been archived by the owner on Dec 1, 2023. It is now read-only.
1.0.6
malte-christian
released this
08 Aug 14:40
·
121 commits
to develop
since this release
Added
- Twig debug mode
- Float filter for request arguments
Fixed
- Fixed wrong user role assignment in very rare cases (SQLite)
Security
- XSS vulnerabilities at 404 page, discovered by Onur Yilmaz (https://www.netsparker.com)
- XSS vulnerabilities at login page, discovered by Raphael de la Vienne and Luuk Spreeuwenberg
- SQL injection vulnerability, which can be misused by users with admin privileges, discovered by Raphael de la Vienne and Luuk Spreeuwenberg