This site has been archived and you can no longer log in or post new messages. For up-to-date community resources please visit

eZ Community » Security Advisories » EZSA-2015-001: Potential...

EZSA-2015-001: Potential vulnerability in eZ Publish password recovery

Publication date : 11/05/2015
Severity : High
Affected versions : 4.3-5.4, all community versions at time of writing
Resolving versions : 2015.03 & published service packs for all supported versions

This Security Update fixes a vulnerability in the eZ Publish password recovery function. You need to have the PHP OpenSSL extension (ext-openssl) installed to take full advantage of the improved security, but even without it security is improved. We strongly recommend that you install this Security Update as soon as possible.

Patch for eZ Publish:

Release notes for these eZ Platform releases, which contain the fix:

36 542 Users on board!

Community Project menu

Proudly Developed with from