eZ Community » Security Advisories » EZSA-2015-001: Potential...

EZSA-2015-001: Potential vulnerability in eZ Publish password recovery

Publication date : 11/05/2015
Severity : High
Affected versions : 4.3-5.4, all community versions at time of writing
Resolving versions : 2015.03 & published service packs for all supported versions

This Security Update fixes a vulnerability in the eZ Publish password recovery function. You need to have the PHP OpenSSL extension (ext-openssl) installed to take full advantage of the improved security, but even without it security is improved. We strongly recommend that you install this Security Update as soon as possible.

Patch for eZ Publish: https://github.com/ezsystems/ezpublish-legacy/commit/5908d5ee65fec61ce0e321d586530461a210bf2a

Release notes for these eZ Platform releases, which contain the fix:
5.4.2: https://doc.ez.no/display/EZP/5.4.2+Release+Notes
5.3.5: https://doc.ez.no/display/EZP/5.3.5+Release+Notes

36 542 Users on board!

Community Project menu

Proudly Developed with from