This release contains a security patch related to the usage of Twig code in the Twig Snippet plugin, and in the site-wide <head> and <body>.
The Twig template engine currently has a vulnerability in how some of its filters are implemented: a designer or an administrator who is aware of the vulnerability can execute arbitrary CLI code on the server.
This update disables the ability for designers/administrators to call the affected filters.
We've fixed a visual glitch where administrators could always see the "Delete archived versions" and "Rescan text/image extract" buttons in the Content Items panel in Organizer, even if they didn't have the permissions needed to actually press them.
Thanks to larchik from T.Hunter for finding this.