Released 2017-09-03

Security fixes release for 2.5.x series.

  • 0023146: [security] CVE-2017-12061: XSS in /admin/install.php script (dregad)
  • 0023166: [security] CVE-2017-12062: XSS in manage_user_page.php (atrol)
  • 0023179: [security] Login page no longer warns about 'admin' directory being present (dregad)
  • 0023181: [administration] Checks on login page are never executed if "admin" dir does not exist (dregad)
  • 0023185: [security] Improve doc and notifications when admin dir is present (CVE-2017-12419) (dregad)
5 issues View Issues