Released 2017-09-03
Security fixes release for 2.5.x series.
0023146: [security] CVE-2017-12061: XSS in /admin/install.php script (dregad)
0023166: [security] CVE-2017-12062: XSS in manage_user_page.php (atrol)
0023179: [security] Login page no longer warns about 'admin' directory being present (dregad)
0023181: [administration] Checks on login page are never executed if "admin" dir does not exist (dregad)
0023185: [security] Improve doc and notifications when admin dir is present (CVE-2017-12419) (dregad)
5 issues View Issues