There are some important security fixes to the October platform that address vulnerabilities to the Media Manager and Asset Manager tools.
Build 413 is an important security release and we recommend you update to the latest build. If your website's back-end area is accessible to the public, such as websites used for hosting plugin or theme demonstrations, we strongly recommend you apply this update as soon as possible.
The reported vunerability allows an attacker to execute PHP code on a victim's website where the attacker is an authenticated administrator user with media or asset management permissions.
Your website is not affected if you do not allow access to any of the following areas:
- Back-end administration area
- Media Manager permission via the Media menu
- Asset Manager permission via the CMS menu
These vulnerabilities were first reported to the team on April 7th 2017 by Anti Räis.
If you believe you have found a security vunerability or for further details on this release note feel free to contact us using the email address link in the footer of this page.