We would like to thank Joshua for his cooperation! # Updated security guidelinesīefore this release, the existing CKFinder documentation could lead to the impression that CKFinder can fully protect against content sniffing by web browsers. The issue that is resolved in the patch and the updated security guidelines was reported by Joshua Provoste as a problem related to handling files without extension, content sniffing, and various XSS issues to which it may lead. The security patch for CKFinder 2.6.3 was added to the PHP, ASP.NET, classic ASP and ColdFusion server-side connectors. We have also published new guidelines for securing your server against content sniffing by web browsers when using a public folder for uploaded files.ĬKFinder 2.6.3 includes a security patch for the server-side part of the application, so updating is highly recommended. ![]() ![]() We would like to announce that CKFinder 3.5.1 and CKFinder 2.6.3 have just been released.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |