SilverStripe Payment Module: 0.3.1 and 0.4.1 security releases

24 views
Skip to first unread message

Ingo Schommer

unread,
Feb 20, 2013, 5:50:00 AM2/20/13
to silverstri...@googlegroups.com
We've discovered a security issue which affects all versions of the payment module when used with the DPS payment provider (paymentexpress.com).
In short, attackers can gain access to DPS credentials by URL. Full description: https://github.com/silverstripe-labs/silverstripe-payment/blob/master/CHANGELOG.md#031

To fix the issue, either upgrade to 0.3.1 (download) and 0.4.1 (download), or apply the patch.

Thanks
Ingo
Reply all
Reply to author
Forward
0 new messages