
Invision Community 4.4.9.1

Released 12/20/2019

This is a security release and we recommend all clients upgrade as soon as possible.

Key Changes

This is a maintenance release to fix security reports since 4.4.9.

Additional Information

Security

  • Block binary/octal/hex/decimal-based hostnames from being submitted in forms that could trigger an SSRF.
  • The Gfycat oEmbed endpoint could create an XSS. Gfycat has also been informed of the issue. Thanks to René Kroka (https://renekroka.cz) for reporting this issue.
  • Additional attachment permission checks when downloading attachments.
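
The first item above is about hostnames written as numbers, which many resolvers read as an IPv4 address. The following filter is an added example, not Invision Community's code; the function names, the inet_aton-style decoding and the policy of rejecting every numeric or IPv6-literal host are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# One dot-separated label written purely as a number: hex (0x..), binary (0b..),
# or digits (decimal, or octal when there is a leading zero).
_NUM = re.compile(r"0x[0-9a-f]+|0b[01]+|[0-9]+", re.IGNORECASE)

def looks_numeric(host):
    """True if every label of the host is a number in some base."""
    return all(_NUM.fullmatch(label) for label in host.rstrip(".").split("."))

def _value(label):
    low = label.lower()
    if low.startswith("0x"):
        return int(low[2:], 16)
    if low.startswith("0b"):
        return int(low[2:], 2)
    if len(low) > 1 and low[0] == "0":
        return int(low, 8)  # raises ValueError on the digits 8 or 9
    return int(low)

def decode_numeric_host(host):
    """Dotted quad the host denotes under inet_aton-style rules, else None."""
    labels = host.rstrip(".").split(".")
    if not looks_numeric(host) or len(labels) > 4:
        return None
    try:
        *head, last = [_value(label) for label in labels]
    except ValueError:
        return None
    # Leading parts are single bytes; the last part fills the remaining bytes.
    if any(v > 255 for v in head) or last >= 256 ** (4 - len(head)):
        return None
    addr = last
    for i, v in enumerate(head):
        addr |= v << (8 * (3 - i))
    return ".".join(str((addr >> s) & 255) for s in (24, 16, 8, 0))

def url_host_allowed(url):
    """Assumed policy: reject every numeric or IPv6-literal host."""
    host = urlsplit(url).hostname or ""
    return bool(host) and ":" not in host and not looks_numeric(host)

if __name__ == "__main__":
    # Constructed sample inputs, not taken from the release notes.
    for sample in ("http://0x7f000001/", "http://0177.0.0.1/", "https://example.com/"):
        host = urlsplit(sample).hostname
        print(sample, url_host_allowed(sample), decode_numeric_host(host))
```

The decision is made on syntax, so a label such as 08 is rejected even though it does not decode. A name that passes this filter can still resolve to an internal address, so the resolved IP needs its own check before the request is sent.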

