[LOW SECURITY] EDocman 1.6.1 released

10 years 2 weeks ago #53433 by Tuan Pham Ngoc
Dear customers

Today, we are happy to announce the next release of EDocman - version 1.6.1. This release contains no new features; we just addressed a low security issue (I think we can call it "bad practice").

1. Issue description

In EDocman version 1.6.0 and earlier, when you first install EDocman, we created a default folder called edocman with permission 0777. Generally it's bad practice to have a folder with permission 0777 (because it is writable by anyone). So we just changed the installation script so that the default folder will have its permission set to 0755.

2. It is not really a security issue

Although the folder is created with 0777 permission, it is still fully protected using an htaccess file. No files can be accessed directly (even if users know the link), and no files within that folder (even PHP files) can be executed... So your site won't be affected at all by this security issue. That's why I called it "bad practice".

3. How to solve the issue

- Just change the permission of the edocman folder to 0755 (via FTP)

- Or upgrade to EDocman version 1.6.1. When you upgrade to 1.6.1, the EDocman installation script will change the permission of the folder automatically. To upgrade to this latest version, please just log in to your account, go to the My Downloads menu item to see your order, and download the latest version from there.

Regards,

Tuan
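
For sites with shell access rather than FTP, the check and fix described in the post can be scripted. This is an added example, not part of the original post or of EDocman itself; the function name `audit_docs_dir`, the path argument, and the `.htaccess` file name at the top of the folder are assumptions.

```shell
#!/bin/sh
# Added example: audit a document folder for the 0777 issue described above.
# Usage (after sourcing this file): audit_docs_dir /path/to/edocman [--fix]
# Assumptions: the path argument is wherever the site's "edocman" folder
# lives, and the protecting file is named ".htaccess" at its top level.

# Returns 0 when clean, 1 when findings remain, 2 on bad input.
audit_docs_dir() {
    dir=$1
    fix=${2:-}
    status=0

    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi

    # -perm -0002 matches any mode with the "other" write bit set
    # (0777, 0757, 0773, ...), on the folder itself and its subfolders.
    echo "World-writable directories under $dir:"
    find "$dir" -type d -perm -0002 -exec ls -ld {} +

    if [ "$fix" = "--fix" ]; then
        # Same target mode the 1.6.1 installer applies: 0755.
        find "$dir" -type d -perm -0002 -exec chmod 0755 {} +
    fi

    # Re-scan so the result reflects the state after any fix.
    remaining=$(find "$dir" -type d -perm -0002 -print | wc -l | tr -d ' ')
    if [ "$remaining" -gt 0 ]; then
        echo "FAIL: $remaining world-writable director(ies) remain"
        status=1
    fi

    # The post relies on an htaccess file to block direct access and
    # script execution, so its absence is reported as a finding too.
    if [ ! -f "$dir/.htaccess" ]; then
        echo "FAIL: $dir/.htaccess is missing"
        status=1
    fi

    [ "$status" -eq 0 ] && echo "OK: $dir"
    return "$status"
}
```

Run it without `--fix` first to see what would change; the exit status makes it usable in a scheduled check.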
