Jump to content

IPS Community Suite 4.4.9.1

Released 12/20/2019

This is a security release and we recommend all clients upgrade as soon as possible.

Key Changes

This is a maintenance release to fix security reports since 4.4.9.

Additional Information

Security

  • Block binary/octal/hex/decimal based hostnames from being submitted in forms that could trigger an SSRF.
  • Gfycat OEmbed endpoint could create XSS. Also informed Gfycat of issue. - Thanks to René Kroka - https://renekroka.cz for reporting this issue.
  • Addition attachment permission checks when downloading attachments.


×
×
  • Create New...

Important Information

We use technologies, such as cookies, to customise content and advertising, to provide social media features and to analyse traffic to the site. We also share information about your use of our site with our trusted social media, advertising and analytics partners. See more about cookies and our Privacy Policy