This release contains a security patch related to the usage of Twig code in the Twig Snippet plugin, and in the site-wide <head> and <body>.
The Twig template engine currently has a vulnerability in how some of its filters are implemented, which makes it possible for a designer or an administrator who is aware of the vulnerability to execute arbitrary CLI code on the server.
This update disables the ability for designers/administrators to call the affected filters.
We've fixed a visual glitch where administrators could always see the "Delete archived versions" and "Rescan text/image extract" buttons in the Content Items panel in Organizer, even if they didn't have the permissions needed to actually press them.
Thanks to larchik from T.Hunter for finding this.