Groups
Groups
Sign in
Groups
Groups
SilverStripe Release Announcements [ARCHIVED]
Conversations
About
Send feedback
Help
SilverStripe Payment Module: 0.3.1 and 0.4.1 security releases
24 views
Skip to first unread message
Ingo Schommer
unread,
Feb 20, 2013, 5:50:00 AM
2/20/13
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to silverstri...@googlegroups.com
We've discovered a security issue which affects all versions of the payment module when used with the DPS payment provider (
paymentexpress.com
).
In short, attackers can gain access to DPS credentials by URL. Full description:
https://github.com/silverstripe-labs/silverstripe-payment/blob/master/CHANGELOG.md#031
To fix the issue, either upgrade to 0.3.1 (
download
) and 0.4.1 (
download
), or apply the
patch
.
Thanks
Ingo
Reply all
Reply to author
Forward
0 new messages