Kirby v3.4.5 Release Notes

Release Date: 2020-12-01 // about 2 years ago
  • ๐Ÿš€ Security release

    ๐Ÿ”’ We've been contacted by the security researcher Thore Imhof of Accenture with a vulnerability report that affects file uploads in Kirby's Panel.

    ๐Ÿš‘ An editor with full access to the Panel can upload a PHP .phar file and execute it on the server. This vulnerability is critical if you might have potential attackers in your group of authenticated Panel users, as they can gain access to the server with such a phar file. Visitors without Panel access cannot use this attack vector.

    ๐Ÿš€ We've received this report yesterday and this release will prevent the attack.

    โฌ†๏ธ We recommend to upgrade your sites to Kirby 3.4.5.

    ๐Ÿš€ This security release does not introduce any features or other fixes.