Jump to content
Froxlor Forum

Security Release 0.10.38.3 - Maintenance and minor bugfixes


d00p

Recommended Posts

Dear Froxlor community,

besides possible bugfix releases, this will be most likely the last 0.10.x release. All new feature requests or enhancements to the current feature-set will be redirected to the next major version. All 0.10.x installations will be upgradeable. We plan on having a public beta soon and depending on the feedback a stable release by the end of the year.
 

Changes in 0.10.38:

  • correct Dropdown directory selection; fixes #1044
  • add security question for deleting api-keys to avoid accidental deletion

Changes in 0.10.38.1 / 0.10.38.2:

  • fix possible HTML injections in "forgot password" feature when given email address is not valid and when adding/editing customers as admin/reseller

Changes in 0.10.38.3:

  • fix unintended API key generation
  • fix authenticated unrestricted File Upload to RCE
  • fix username and email enumeration via "forgot password" feature
  • fix unintended SSL certificates deletion

 

Download: 0.10.38.3 | website


Visit http://www.froxlor.org, join our Discord channel (https://discord.froxlor.org) or join #froxlor on irc.libera.chat for support, help, participation or just a chat

Thank you,
d00p

Link to comment
Share on other sites

  • d00p changed the title to Security Release 0.10.38.1 - Maintenance and minor bugfixes
  • d00p pinned this topic
  • d00p changed the title to Security Release 0.10.38.3 - Maintenance and minor bugfixes
  • d00p unpinned this topic

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...