I know its a very old release and we are working to move off of it, but Im wondering if its affected by the latest security issue published today. It only mentions 1.3 and up. I also do not see the lines mentioned in the verify.php. I do not want to assume Im not affected by this. Thanks.
you may also manually update verify.php:
locate the if statement (at line 72 in 2.0.0-beta.3 and later, line 66 in older versions):
if( $f_confirm_hash != $t_token_confirm_hash ) {
change it to
if( $t_token_confirm_hash == null || $f_confirm_hash !== $t_token_confirm_hash ) {
v1.2.1 affected by latest critical security issue?
Moderators: Developer, Contributor
Re: v1.2.1 affected by latest critical security issue?
Thanks for the quick reply.