EZSA-2016-002: Disclosure of collected info from information collector

Publication date: 28/07/2016
Severity: Medium
Affected versions: 4.4-5.4, all community versions at time of writing (legacy only)
Resolving versions: 5.4.6, 5.3.8, and published service packs for all other supported versions

This Security Update fixes a possible disclosure, to unintended recipients, of information collected for objects that use the legacy information collection feature. If the session is cleared before the collected info is accessed, the first collected info for the object is shown. If you don't use the information collection feature, you are not affected; otherwise, we strongly recommend that you install this Security Update as soon as possible.

Patch for eZ Publish: https://github.com/ezsystems/ezpublish-legacy/commit/39292170a6237c94b8ef624d962909e43d4c851b
